Ok, I found the answer. So here it is:
Basically, I tried to implement an OpenID-based authentication mechanism in GlassFish. One way to do this is to use ProgrammaticLogin, but it has several drawbacks: there is no easy way to redirect back to the requested URL, and programmatic auth means more work for the programmer. Therefore, after reading, I found the best way to achieve my goal: Server Authentication Modules, or SAMs. This is part of the standard process described in JSR-196 and provides a way to create auth plug-ins for GlassFish (i.e., other than the standard FORM, BASIC, etc.). This method allows you to plug in new auth modules in the servlet container, while maintaining your declarative security model.
So all I have to do is write my own SAM. Here is a quick way:
Implement the ServerAuthModule interface, which basically boils down to the following method:
AuthStatus validateRequest(MessageInfo messageInfo, javax.security.auth.Subject clientSubject, javax.security.auth.Subject serviceSubject) throws AuthException
Pack your SAM in a jar and put your jar in the Glassfish library directory.
Configure SAM for use with your application. This is done in 2 stages:
- Define your SAM as the security-message provider in domain.xml.
- Associate SAM for use with your application. You can do this by specifying the httpservlet-security-provider attribute in the sun-web-app.xml of your application. Set the attribute value to the name assigned to your SAM in step 1.
Read more in this great tutorial by Ron Monzillo.
UPDATE: A simpler and more elegant solution to this problem is called AuthenticRoast. This is a Java library written by Aike Sommer that allows you to create your own pluggable authenticators.
albogdano
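A sketch of the SAM described in the answer above, added here as an example; it is not code from the original answer, GlassFish, or AuthenticRoast. The class name `OpenIdSam`, the session attributes `verifiedOpenId` and `returnTo`, the `/openid-login` path and the `user` group are assumptions, as is a separate OpenID verification step that sets `verifiedOpenId` after a successful login.

```java
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.message.*;
import javax.security.auth.message.callback.*;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.*;

public class OpenIdSam implements ServerAuthModule {
    private static final String MANDATORY = "javax.security.auth.message.MessagePolicy.isMandatory";
    private CallbackHandler handler;

    @Override public void initialize(MessagePolicy req, MessagePolicy resp, CallbackHandler h, Map options) {
        this.handler = h; // container-supplied handler used to establish the caller identity
    }
    @Override public Class[] getSupportedMessageTypes() {
        return new Class[] { HttpServletRequest.class, HttpServletResponse.class };
    }

    @Override public AuthStatus validateRequest(MessageInfo mi, Subject client, Subject service) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) mi.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) mi.getResponseMessage();
        HttpSession session = request.getSession(false);
        // Assumed attribute: set only by the server-side OpenID verification step.
        Object id = session == null ? null : session.getAttribute("verifiedOpenId");
        try {
            if (id != null) {
                handler.handle(new Callback[] {
                    new CallerPrincipalCallback(client, id.toString()),
                    new GroupPrincipalCallback(client, new String[] { "user" }) });
                return AuthStatus.SUCCESS;
            }
            if (!Boolean.parseBoolean((String) mi.getMap().get(MANDATORY))) {
                return AuthStatus.SUCCESS; // unprotected resource: continue unauthenticated
            }
            // Keep the return target in the session, never in a request parameter,
            // so the post-login redirect cannot be steered to another site.
            request.getSession(true).setAttribute("returnTo", request.getRequestURI());
            response.sendRedirect(request.getContextPath() + "/openid-login");
            return AuthStatus.SEND_CONTINUE;
        } catch (IOException | UnsupportedCallbackException e) {
            throw (AuthException) new AuthException(e.getMessage()).initCause(e);
        }
    }

    @Override public AuthStatus secureResponse(MessageInfo mi, Subject service) { return AuthStatus.SEND_SUCCESS; }
    @Override public void cleanSubject(MessageInfo mi, Subject subject) {
        if (subject != null) subject.getPrincipals().clear();
    }
}
```

The login path must itself be outside any security constraint, otherwise the redirect loops; the group name has to match a role mapping in the application's deployment descriptor.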