Java EE 6 Security Model: How to Add or Remove a User

I read most of the documentation, but I only see the use of @RolesAllowed or @DeclareRoles. How can I add a user or delete a user? I have a user table with username and password in my database; how can I make my web application authenticate this user? How can I map these users (primary) to specific roles? Sample code would be greatly appreciated. Many thanks.

+4
2 answers

The JAAS authentication module is required to authenticate the user, defining principals that may include mapping users / managers existing in the database to roles defined in the source code.

Assuming you are using GlassFish v3 for Java EE 6, you need to create and configure a JDBC scope in GlassFish for this purpose. Be warned that the area configuration may not have a one-to-one mapping with the user table in your database, in which case you need to either modify the table definition or expand the entry module to create your own schema.

Despite setting up the database scope, you still need to map the Java EE roles defined in your source code to the actual roles in the scope. This is done using deployment descriptors for a specific application server.

+4
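The setup this answer describes, as an added example that is not part of the original answer or of GlassFish's own documentation: the standard `web.xml` names the realm and declares the roles, and the GlassFish-specific descriptor maps each role to a group held in the realm's group table (GlassFish's name for the database-backed store is a JDBC realm). The realm name `appJdbcRealm`, the role `admin`, the group `ADMINS`, the URL pattern and the login page names are assumptions.

```xml
<!-- Assumed: a realm named appJdbcRealm already exists in GlassFish, using the
     JDBCRealm class with the properties jaas-context, datasource-jndi,
     user-table, user-name-column, password-column, group-table,
     group-name-column and digest-algorithm pointing at your own tables. -->

<!-- WEB-INF/web.xml: standard Java EE descriptor -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Same role name that @RolesAllowed("admin") uses in code -->
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Force TLS so form credentials are not sent in clear text -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <!-- Must match the realm name configured in the server -->
    <realm-name>appJdbcRealm</realm-name>
    <form-login-config>
      <form-login-page>/login.xhtml</form-login-page>
      <form-error-page>/login-error.xhtml</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>

<!-- WEB-INF/sun-web.xml: GlassFish-specific descriptor
     (glassfish-web.xml with a glassfish-web-app root from 3.1 onward) -->
<sun-web-app>
  <security-role-mapping>
    <!-- Java EE role on the left, group-table value on the right -->
    <role-name>admin</role-name>
    <group-name>ADMINS</group-name>
  </security-role-mapping>
</sun-web-app>
```

With this mapping in place, adding or removing a user is an insert or delete on the user and group tables the realm reads, and the descriptors do not change. The stored password must be digested the same way the realm's `digest-algorithm` property specifies, or logins will fail.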

JavaEE does not define user and role management, only how the application interacts with them.

The implementation of specific server functions depends on the specific functionality.

+1

Source: https://habr.com/ru/post/1316454/

