Thursday, October 7, 2010

Configuring Realm


Hi,

After you have decided on the type of connection (JDBC or file), configure your realm as follows.

Creating a custom realm
1. Go to the GlassFish (GF) admin console at http://localhost(IP):4848/.
2. In the left panel, go to Configuration --> Security --> Realm.
That will look like the image SERVERREALM.
3. In the right panel, click New.
4. Give it any name you like, such as MyRealm.



5. ClassName: you can use a predefined class or provide your own class name.
6. Provide JAAS_CONTEXT as sampleRealm.
This is the same name that you provide in
/SUNWappserver/domains/domain1/config/login.conf
sampleRealm {
    <fully qualified class name of the custom login module> required;
};
7. Package the login module class and the realm class (if you use a custom realm)
into a properly packaged jar.
Put this jar in /home/gaurav/SUNWappserver/lib
8. Now restart the server.

Custom Login Module

import com.sun.appserv.security.AppservPasswordLoginModule;
import com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm;
import javax.security.auth.login.LoginException;

/**
 * SimpleCustomLoginModule is our own custom login module.
 * It extends a class provided by the GF server that helps us authenticate the user.
 * With it we only need to take care of a single method, authenticateUser(),
 * which holds our logic for confirming the user.
 */
public class SimpleCustomLoginModule extends AppservPasswordLoginModule {

    public SimpleCustomLoginModule() {
        // Write to the log so we can confirm that our LoginModule is initialized.
        log("SimpleCustomLoginModule: Initialization");
    }//end of constructor

    /**
     * This method writes to the server log
     * so that we can make amendments according to our needs;
     * it also helps in following the flow.
     */
    private void log(String s) {
        System.out.println("SimpleCustomLoginModule::" + s);
    }//end of log()

    /**
     * This is the method we need to override; it holds our LOGIC for
     * authentication. Here we use the DATABASE as the backend for users,
     * so we need to use the JDBCRealm (a realm is a set of roles together
     * with their respective users; to know more about realms see
     * http://download.oracle.com/javaee/5/tutorial/doc/
     * OR
     * http://download-llnw.oracle.com/javaee/6/tutorial/doc/bncas.html).
     * We also need to configure this realm in our web.xml under the
     * login-config tag, from where the server retrieves it.
     * Everything is also written to the server log.
     * We pass the authenticated user's groups (roles here) to the
     * commitUserAuthentication method for authorization.
     */
    @Override
    protected void authenticateUser() throws LoginException {
        System.out.println("in authenticate user.....");

        /**
         * Check whether the current realm is our JDBC realm BEFORE casting it.
         * (Casting first would raise a ClassCastException and this check would
         * never run.) The JDBC realm loads the users from the database with
         * their name, password and roles. Otherwise throw a LoginException.
         */
        if (!(_currentRealm instanceof JDBCRealm)) {
            String msg = sm.getString("filelm.badrealm");
            System.out.println("not instance of jdbc realm ....");
            throw new LoginException(msg);
        }
        // Get the current realm as a JDBCRealm.
        JDBCRealm samplerealm = (JDBCRealm) _currentRealm;
        System.out.println("jdbc realm as ....." + samplerealm);

        /**
         * Here we get the user's roles from the database in the grpList array.
         * We get only one element in the array, because the value stored
         * in the table is a varchar (simple string) such as
         * "user,test,......so on".
         * We separate it later into groupListToForward.
         */
        String[] grpList = samplerealm.authenticate(_username, _password);
        // Log the user name only; the password must never reach the server log.
        System.out.println("username " + _username);

        /**
         * Check whether the user's group (role) list is null or empty.
         * An empty array would make grpList[0] below fail, so reject it here.
         */
        if (grpList == null || grpList.length == 0) { // JAAS behavior
            String msg = sm.getString("filelm.faillogin", _username);
            throw new LoginException(msg);
        }//endif
        System.out.println("length from jdbc authenticate ... groups are.." + grpList.length);

        /**
         * Make a copy of the group list to pass to the LoginModule.
         * DO NOT PASS grpList as is, as it will get overwritten,
         * resulting in logins passing only once.
         * grpList holds a single string with all of the user's roles,
         * for example "user,weballow,test".
         * Here we split it into the individual roles
         * 1. user 2. weballow 3. test
         * which are passed on for proper authorization.
         */
        String[] groupListToForward = grpList[0].split(",");
        System.out.println("values of group array ..." + groupListToForward.length);
        for (int i = 0; i < groupListToForward.length; i++) {
            System.out.println("value of groups " + groupListToForward[i]);
        }
        System.out.println("calling commit...");
        commitUserAuthentication(groupListToForward);
    }//end of authenticateUser()

}//end of SimpleCustomLoginModule

Configuring Database in Glassfish(GF) Server


Hi All,

I have tried making an application implementing JAAS on GlassFish(GF) server for a Web and EJB.

To configure your database with GF, follow these steps:

1. Start your GF server.

2. Go to your admin console http://localhost(or IP):4848/

3. In the left panel you will find Resources --> JDBC --> Connection Pools

4. Now, in the right panel, create a new database connection as follows.

6. Give your database connection the name you would like
Name : myDB
Resource Type : javax.sql.DataSource
Database Vendor : mysql

7. Now go to JDBC Resources and add a new connection there
JNDI Name : jdbc/mySql
Pool Name : myDB
Description : This is my DB connection.
Status : Enabled

8. After creating the connection, edit its properties as follows; you may remove all other properties
datasource-jndi : jdbc/mySql
user-table : usertable
user-name-column : userid
password-name-column : password
group-table : grouptable
group-name-column : groupid
jaas-context : jdbcRealm
digest-algorithm : none

To use this connection in your existing application, configure your GlassFish (GF) server's realm.
Configuring your own realm. You can check in the same


Regards,
Gaurav Agarwal

Secure Web And EJB - JAAS in Glassfish (GF)

Hi All,

Here are the steps if you wish to create a secure Web and EJB application using JAAS.

1. If you wish to use your database connection, you need to create a database connection to the GlassFish (GF) server. See Configuring Database in GlassFish (GF) Server.

2. After this you need to create your realm, which has been described in Configuring Realm.

3. Now you need to create your CustomLoginModule.

4. Then, lastly, you have to set web.xml as in the picture

5. The same role has to be mapped in sun-web.xml as
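
The pictures for steps 4 and 5 did not survive, so the following is an added example of the two descriptor fragments, not the author's original files. MyRealm and the user role/group come from the posts above; the resource name, URL pattern, BASIC auth method and the TLS requirement are assumptions.

```xml
<!-- WEB-INF/web.xml (fragment, goes inside <web-app>) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SecuredArea</web-resource-name> <!-- assumed name -->
    <url-pattern>/secure/*</url-pattern>               <!-- assumed path -->
  </web-resource-collection>
  <auth-constraint>
    <!-- only callers holding this role may reach /secure/* -->
    <role-name>user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- assumption: BASIC resends the password on every request, so require TLS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>   <!-- assumed; FORM is configured the same way -->
  <realm-name>MyRealm</realm-name>   <!-- the realm name created in the admin console -->
</login-config>

<security-role>
  <role-name>user</role-name>
</security-role>

<!-- WEB-INF/sun-web.xml (fragment, goes inside <sun-web-app>) -->
<security-role-mapping>
  <role-name>user</role-name>     <!-- role declared in web.xml above -->
  <group-name>user</group-name>   <!-- group string passed to commitUserAuthentication() -->
</security-role-mapping>
```

Each role used in an auth-constraint needs its own security-role entry and its own security-role-mapping; a group returned by the login module that has no mapping grants no access.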