How to use the user principal in a custom security realm (GlassFish)?

I followed the instructions to create my own security realm for my GlassFish. Everything works fine, users are authenticated correctly. However, the problem is this:

  • User credentials are encrypted in a string.
  • The realm decrypts this string and performs database authentication (works).
  • Instead of using the decrypted values as the principal in the SecurityContext, the encrypted string is passed.

I already tried to override the commit() method to replace _userPrincipal, and to attach my own implementation using getSubject().getPrincipals().add(new PrincipalImpl("user")). Neither worked as expected. Basically the question is simple: how can I install my own security manager in GlassFish so that it is used by the injected SecurityContext?

My environment:

  • Glassfish 3.1.2.2 (Build 5) Full Profile
  • The authentication application is a JAX-RS 1.1-based application.
  • SecurityContext obtained by injection
+6
1 answer

I already tried to override the commit() method to replace _userPrincipal or attach my own implementation using getSubject().getPrincipals().add(new PrincipalImpl("user")). Neither worked as expected.

What error do you get?

Despite this, I think your problem is the third step of this process. SecurityContext only defines BASIC_AUTH, FORM_AUTH, CLIENT_CERT_AUTH and DIGEST_AUTH as authentication schemes, so maybe SecurityContext cannot see your implementation of your scheme or security type. But you can try these steps, and I hope that they will work for you.

A - Implement a Java Authentication and Authorization Service (JAAS) LoginModule, or extend com.sun.appserv.security.AppservPasswordLoginModule

    import com.sun.appserv.security.AppservPasswordLoginModule;
    import javax.security.auth.login.LoginException;

    public class MyLoginModule extends AppservPasswordLoginModule {

        @Override
        protected void authenticateUser() throws LoginException {
            // _username and _password are filled in by the base class from the login callbacks
            if (!authenticate(_username, _password)) {
                // Login fails
                throw new LoginException("LoginFailed");
            }
            String[] myGroups = getGroupNames(_username);
            // Marks the login as succeeded and records the groups for commit()
            commitUserAuthentication(myGroups);
        }

        private boolean authenticate(String username, String password) {
            /* Check the credentials against the authentication source,
               return true if authenticated, return false otherwise */
            return true;
        }

        private String[] getGroupNames(String username) {
            // Return the list of groups this user belongs to.
            return new String[0];
        }
    }

B - Implement your realm class.

    import com.sun.appserv.security.AppservRealm;
    import com.sun.enterprise.security.auth.realm.BadRealmException;
    import com.sun.enterprise.security.auth.realm.InvalidOperationException;
    import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
    import com.sun.enterprise.security.auth.realm.NoSuchUserException;
    import java.util.Collections;
    import java.util.Enumeration;
    import java.util.Properties;

    public class MyRealm extends AppservRealm {

        @Override
        public void init(Properties props) throws BadRealmException, NoSuchRealmException {
            // here you initialize the realm
        }

        @Override
        public String getAuthType() {
            return "Custom Realm";
        }

        // Required by the abstract base class: the groups a user belongs to.
        @Override
        public Enumeration getGroupNames(String username)
                throws InvalidOperationException, NoSuchUserException {
            return Collections.enumeration(Collections.emptyList());
        }
    }

C - Install and configure the realm and LoginModule on the server.

To do this, you need to look at JSR 196 and write your own SAM by implementing javax.security.auth.message.module.ServerAuthModule. Take a look at the link below. https://blogs.oracle.com/enterprisetechtips/entry/adding_authentication_mechanisms_to_the

+2
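As an added example (not code from the question or the answer above), here is a complete realm and login module pair that carries steps A and B through to something deployable on GlassFish 3.1: the realm keeps a constructed in-memory user table of password hashes and group lists, and the login module delegates the credential check to the realm and then commits the groups. It assumes the GlassFish 3.1 API as the answer uses it (AppservRealm, AppservPasswordLoginModule, the inherited _username and _password fields), plus the inherited _currentRealm field and IASRealm.JAAS_CONTEXT_PARAM, which are assumptions not shown on the page. The class names DemoRealm and DemoLoginModule, the sample users and the jaas-context name are invented for the example; the two classes go in two source files.

```java
// ---- File: DemoRealm.java (added example, not the project's own code) ----
import com.sun.appserv.security.AppservRealm;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.IASRealm;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

public class DemoRealm extends AppservRealm {
    // Constructed sample table: username -> SHA-256 of the password, and username -> groups.
    // A real realm would query its database here; plaintext passwords are never stored.
    private final Map<String, byte[]> passwordHashes = new HashMap<String, byte[]>();
    private final Map<String, String[]> groups = new HashMap<String, String[]>();

    @Override
    public synchronized void init(Properties props) throws BadRealmException, NoSuchRealmException {
        super.init(props);
        // "jaas-context" names the login.conf stanza whose LoginModule this realm uses;
        // GlassFish refuses to drive the realm without it (assumed IASRealm constant).
        String jaasCtx = props.getProperty(IASRealm.JAAS_CONTEXT_PARAM);
        if (jaasCtx == null) {
            throw new BadRealmException("missing property " + IASRealm.JAAS_CONTEXT_PARAM);
        }
        setProperty(IASRealm.JAAS_CONTEXT_PARAM, jaasCtx);
        // Constructed sample users (hypothetical credentials for the example only).
        addUser("alice", "correct horse", new String[] { "users", "admins" });
        addUser("bob", "battery staple", new String[] { "users" });
    }

    private void addUser(String username, String password, String[] userGroups) {
        passwordHashes.put(username, sha256(password));
        groups.put(username, userGroups);
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every JRE", e);
        }
    }

    /** Returns the user's groups on success, or null if the user or password is wrong. */
    public String[] authenticate(String username, String password) {
        byte[] expected = passwordHashes.get(username);
        if (expected == null || password == null) {
            return null;
        }
        // MessageDigest.isEqual is a constant-time comparison, so the hash check does not
        // leak how many leading bytes matched.
        return MessageDigest.isEqual(expected, sha256(password)) ? groups.get(username) : null;
    }

    @Override
    public String getAuthType() {
        return "DemoRealm";
    }

    @Override
    public Enumeration getGroupNames(String username) throws InvalidOperationException, NoSuchUserException {
        String[] g = groups.get(username);
        if (g == null) {
            throw new NoSuchUserException(username);
        }
        return Collections.enumeration(Arrays.asList(g));
    }
}

// ---- File: DemoLoginModule.java (added example) ----
// import com.sun.appserv.security.AppservPasswordLoginModule;
// import javax.security.auth.login.LoginException;
class DemoLoginModule extends com.sun.appserv.security.AppservPasswordLoginModule {
    @Override
    protected void authenticateUser() throws javax.security.auth.login.LoginException {
        // _currentRealm (assumed inherited field) is the realm that triggered this login.
        if (!(_currentRealm instanceof DemoRealm)) {
            throw new javax.security.auth.login.LoginException("DemoLoginModule requires DemoRealm");
        }
        String[] groupList = ((DemoRealm) _currentRealm).authenticate(_username, _password);
        if (groupList == null) {
            // One generic message for unknown user and wrong password alike.
            throw new javax.security.auth.login.LoginException("Login failed");
        }
        // Records success and the groups; the base class's commit() then builds the
        // Subject's principal from _username and one Group entry per name.
        commitUserAuthentication(groupList);
    }
}
```

Wiring for step C, under the same assumptions: add a stanza `demoRealm { DemoLoginModule required; };` to the domain's login.conf, put both classes on the server classpath, and register the realm with `asadmin create-auth-realm --classname DemoRealm --property jaas-context=demoRealm demo`. Note that `_password` is the field name the answer uses; on some 3.x builds the password is also exposed as a char[] `_passwd`, so check the AppservPasswordLoginModule you compile against. When deployed, DemoLoginModule must be a public class in its own file so JAAS can instantiate it reflectively.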
