GlassFish supports different realms for JEE authentication; for example, file, LDAP, and JDBC realms. We are going to create a JDBC realm, which will use the information stored in the User, Groups, and User_Groups tables (exposed by user_group_view).
To create a new JDBC realm in GlassFish, browse to the GlassFish admin page (http://localhost:4848), and in the navigation menu on the left-hand side, go to Configurations | server-config | Security | Realms. On the Realms page, click on the New button.
Enter the following information into the form:
| Field name | Value | Notes |
|---|---|---|
| Name | courseManagementJDBCRealm | |
| Class name | com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm | Select from the drop-down menu. |
| JAAS Context | jdbcRealm | |
| JNDI | jdbc/CourseManagement | The JDBC data source we have created. See Chapter 7, Creating JEE Applications with EJB, for more details. |
| User Table | user_group_view | The table containing the user information. We specify the view that we created earlier. |
| Username Column | user_name | The username column in our user_group_view. |
| Password Column | password | The password column in our user_group_view. |
| Group Table | user_group_view | The group data is also exposed through our user_group_view. |
| Group Table Username Column | user_name | In user_group_view. |
| Group Name Column | group_name | In user_group_view. |
| Password Encryption Algorithm | AES | The algorithm to encrypt passwords in the database. We pre-populated the passwords outside the application, so this does not have much impact on our example. |
| Digest Algorithm | none | The passwords we entered in the table are not hashed, so enter none here. |
Click on the OK button to create the realm.
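The same realm can be created from the command line with `asadmin create-auth-realm`. The script below is an added example, not code from the original text: it builds the property set from the table and, going beyond what the page configures, also shows a SHA-256 variant in which the password column holds hex digests instead of plaintext. The function names are hypothetical, `sha256sum` is assumed to be installed, and the SHA-256 variant assumes the realm applies the configured digest once, unsalted, and compares the hex encoding.

```shell
#!/bin/sh
# Added example (not from the original page): scripted form of the realm above.
# Property names are GlassFish's JDBCRealm properties; values come from the table.
REALM_NAME="courseManagementJDBCRealm"
REALM_CLASS="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"

# Print the colon-separated --property value.
# $1 = "none" (the page's setting) or "SHA-256" (assumed hardened variant).
realm_properties() (
  p="jaas-context=jdbcRealm"
  p="${p}:datasource-jndi=jdbc/CourseManagement"
  p="${p}:user-table=user_group_view"
  p="${p}:user-name-column=user_name"
  p="${p}:password-column=password"
  p="${p}:group-table=user_group_view"
  p="${p}:group-table-user-name-column=user_name"
  p="${p}:group-name-column=group_name"
  p="${p}:digestrealm-password-enc-algorithm=AES"
  p="${p}:digest-algorithm=$1"
  # Hashed values need a text encoding; Hex matches stored_password below.
  if [ "$1" != "none" ]; then p="${p}:encoding=Hex"; fi
  printf '%s\n' "$p"
)

# Print the value the password column must hold for a given digest setting.
# $1 = password, $2 = digest setting. Assumption: the realm hashes the
# submitted password once (no salt) and compares the hex-encoded result.
stored_password() {
  case "$2" in
    none)    printf '%s\n' "$1" ;;   # plaintext, as in the page's table
    SHA-256) printf '%s' "$1" | sha256sum | cut -d' ' -f1 ;;
    *)       echo "unsupported digest: $2" >&2; return 1 ;;
  esac
}

# Create the realm; needs a running domain and asadmin on PATH.
create_realm() {
  asadmin create-auth-realm --classname "$REALM_CLASS" \
    --property "$(realm_properties "$1")" "$REALM_NAME"
}

# Usage:
#   create_realm none       # matches the form filled in above
#   create_realm SHA-256    # then store stored_password "<pw>" SHA-256 per user
```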
We need to tell our application to use the JDBC realm created earlier. This is configured in the web.xml of the application, in the <login-config> tag. Two authentication methods are supported in <login-config>: basic and form-based.
In basic authentication, the browser displays the login form, just as in Figure 14.2. In fact, this is the default authentication method, so when our web.xml previously had no <login-config> tag, the server defaulted to basic authentication.
In form-based authentication, you can specify the login page. This gives you a chance to customize the login experience.
Let's first configure the realm using basic authentication.