i decided to write my own JAAS login module. So far everything works fine, yet there is something i can't google out. Assume the login function by LoginContext has successfuly authenticated a user. How do I attach user roles to the authenticated subject so that it works with security constraints in web.xml file? Also how do I make it work with security annotations for my session beans? The way of aquiring the user roles is clear of course, the question is where do i put this data so it throws an exception on privileged functions if not authorized. I am using glassfish 3 and the point of my attempt is to create something like databaseloginmodule from jboss. Thank you for reading this, any hints, keywords are welcomed. stu
1 Answers
0
votes
If you're using glassfish3, did you already consider the jdbc realm?
http://blogs.oracle.com/foo/entry/mort_learns_jdbc_realm_authentication
