Hello

I am completely new to login and authentication concepts. I am working on a Glassfish web application that should present general content to any visitor, and some extra content for registered users logged in with username and password.

I have been reading the Java EE tutorial about security, and I thought that the Form-based or HTTP authentication would fulfill my needs (the visitor is asked for credentials when trying to browse secured content).

However, my first guess was that the registered users should be stored in an external database along with their hashed and salted password. The security for web applications in Glassfish seems to rely on the realm populated manually directly on the application server (defining users and groups and mapping them to the Roles in the application).

Did I misunderstand what security on Glassfish is intended for? Or can a realm be an external database outside the application server? Any link to documentation on this topic would be useful to me.

Thank you in advance

Tart

A: 

It is actually possible. In Glassfish, go to Configuration/Security/Realms, create a new realm and set the classname to com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm. Indicate the JDBC Resource bound to the database, and indicate the table and the columns where username/password are stored. The database shall also contain a table for the groups to which the user must belong to be granted access. Indicate those also.

In the application, set up the web.xml and sun-web.xml with the realm name as usual.

Docs: http://docs.sun.com/app/docs/doc/820-4495/ggmww?a=view

Blog entry that leverages MySQL: http://blogs.sun.com/swchan/entry/jdbcrealm_in_glassfish_with_mysql
vkraemer