I was thinking about using Java EE without any framework (e.g. Spring), if possible, to perform user authentication. I use PG, JPA, JSF, Java EE, Glassfish and EJB in my project.
In Glassfish, web.xml would do it for me. The problem is that I found a lot of possibilities to do it with 3 tables - USER, USER_IN_GROUP and GROUP - and none to do it with an enum role and just 1 table - USER (with role as a column), which should be, IMO, much easier and lighter.
Role enum like:
    public enum Role {
        User, Admin;
    }
User entity like:
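    import java.io.Serializable;
    import javax.persistence.*;

    @Entity // required for JPA to manage the class
    public class User implements Serializable {
        @Id
        @GeneratedValue(strategy = GenerationType.IDENTITY)
        private Long id;
        private String nick;
        private String pass;
        // Stored as the enum constant's name ("User" or "Admin")
        @Enumerated(EnumType.STRING)
        private Role roles;
        // Getters and setters
    }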
In web.xml I use the BASIC method to test credentials:
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>issuetrack-realm</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>User</role-name>
    </security-role>
    <security-role>
        <description/>
        <role-name>Admin</role-name>
    </security-role>
The realm, using JDBCRealm, looks like this: [image: Realm in Glassfish]
After I try to log in, it says: Warning: WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception.
Any suggestions?
"Login failed: Security Exception" was just a problem in the realm settings. I don't secure my passwords in the db and I left Digest Algorithm empty = SHA-256.
The real problem is with the roles. I can't get into my app with this setting because there is a nickname principal instead of the group name (REALM setting from db).
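
One way to wire the single-table layout described above, as an added example that is not part of the original post: point the realm's group table at the same table as the user table so the role column is read as the caller's group, then map each web.xml role to that group in glassfish-web.xml. The table and column names are assumptions taken from the entity's default JPA mapping; substitute the real schema names.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC
  "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN"
  "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<!--
  WEB-INF/glassfish-web.xml (added example, not the asker's file).

  JDBCRealm settings for a single-table layout, as admin console fields.
  Assumed schema: table USER with columns NICK, PASS and ROLES.

    JAAS Context:                  jdbcRealm
    User Table:                    USER
    User Name Column:              NICK
    Password Column:               PASS
    Group Table:                   USER    (same table as User Table)
    Group Table User Name Column:  NICK
    Group Name Column:             ROLES   (the @Enumerated(EnumType.STRING) column)

  The realm then returns the ROLES value ("User" or "Admin") as the group
  of the authenticated caller instead of leaving only the nick principal.
-->
<glassfish-web-app>
  <!-- Role names must match the <security-role> entries in web.xml;
       group names must match the strings stored in the ROLES column. -->
  <security-role-mapping>
    <role-name>User</role-name>
    <group-name>User</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>Admin</role-name>
    <group-name>Admin</group-name>
  </security-role-mapping>
</glassfish-web-app>
```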