is there any documentation how to create custom security realm #23759

Open
sysmat opened this issue Jan 7, 2022 · 4 comments

sysmat commented Jan 7, 2022

Environment Details

  • GlassFish Version (and build number): 6.0.0
  • JDK version: 8
  • OS:
  • Database:

Problem Description

  • does it need an OSGi Activator, which Felix version?
  • should the Maven packaging be bundle?
  • a custom realm: which class to extend?
  • a custom LoginModule: which class to extend?
  • to be defined in login.conf
  • where to put the custom jar in the modules folder

dmatej changed the title from "is there any documentation how to create custem securety realm" to "is there any documentation how to create custom security realm" on Jan 23, 2022

Contributor

dmatej commented Jan 23, 2022

At this moment we have just refreshed the old documentation for GF7. These parts are related to realms and login modules:
https://glassfish.org/docs/SNAPSHOT/security-guide.html#gkbiy
https://glassfish.org/docs/SNAPSHOT/reference-manual.html#create-auth-realm-2

The implementation is quite obsolete, but there is still the authorization specification, so I believe this should work too (probably with some updates in package names):
https://developer.ibm.com/tutorials/j-javaee8-security-api-2/

Contributor

arjantijms commented Jan 25, 2022

so I believe this should work too (probably with some updates in package names):

Indeed, jakarta.* packages now, otherwise unchanged. That would be the default way to go. Custom realms (which are a GlassFish-specific way to add what has been standardised as an IdentityStore in Java EE/Jakarta EE) are slightly painful to add. Exactly because of what is already mentioned in the opening post, you need the LoginModule/Realm combination (LoginModule delegates to Realm) and the registration in login.conf. Off the top of my head, the jar packaging them has to go in /lib and you need to add them to domain.xml as well.

The reason for the split btw was the idea that the LoginModule is purely the IdentityStore (doing only the credentials in -> username/groups out function), while the Realm is the underlying IdentityDAO (having a huge amount of extra methods to add, delete, update, etc. identities). However, in GlassFish it all got mixed up at some point, and often the Realm is leading instead of being purely underlying. To make matters worse, AFAIK, almost no Realm actually implements all the DAO features except for the built-in FileRealm.

We once had a TODO to clean this up a little, but with the Jakarta Security API the need has been greatly diminished.
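
The standard route mentioned in the comment above, a Jakarta Security IdentityStore packaged in the application instead of a GlassFish LoginModule/Realm pair, as an added example that is not part of the thread or of GlassFish's own code. The class name, the caller `alice`, the group `staff`, the passwords and the iteration count are constructed; it assumes the jakarta.* Security API and a CDI-enabled application with an authentication mechanism configured.

```java
import jakarta.annotation.PostConstruct;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.security.enterprise.credential.Credential;
import jakarta.security.enterprise.credential.UsernamePasswordCredential;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStore;
import jakarta.security.enterprise.identitystore.Pbkdf2PasswordHash;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Hypothetical store: class name, caller "alice", group "staff" and passwords are constructed.
@ApplicationScoped
public class DemoIdentityStore implements IdentityStore {
    @Inject
    private Pbkdf2PasswordHash hasher;
    private final Map<String, String> hashes = new HashMap<>();      // caller -> PBKDF2 hash
    private final Map<String, Set<String>> groups = new HashMap<>(); // caller -> groups
    private String decoyHash;

    @PostConstruct
    void load() {
        // A real store reads stored hashes from its backing source; these are generated for the demo.
        hasher.initialize(Collections.singletonMap("Pbkdf2PasswordHash.Iterations", "210000"));
        hashes.put("alice", hasher.generate("constructed-demo-password".toCharArray()));
        groups.put("alice", Collections.singleton("staff"));
        decoyHash = hasher.generate("constructed-decoy".toCharArray());
    }

    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (!(credential instanceof UsernamePasswordCredential)) {
            // Not ours: let another registered IdentityStore handle this credential type.
            return CredentialValidationResult.NOT_VALIDATED_RESULT;
        }
        UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
        String stored = hashes.get(upc.getCaller());
        // Unknown callers are verified against a decoy hash so timing does not reveal valid names.
        String reference = stored != null ? stored : decoyHash;
        boolean matches = hasher.verify(upc.getPassword().getValue(), reference);
        if (stored != null && matches) {
            // Credentials in, caller name and groups out.
            return new CredentialValidationResult(upc.getCaller(), groups.get(upc.getCaller()));
        }
        return CredentialValidationResult.INVALID_RESULT;
    }
}
```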

@github-actions

This issue has been marked as inactive and old and will be closed in 7 days if there is no further activity. If you want the issue to remain open please add a comment

github-actions bot added the Stale label Jan 27, 2024
dmatej removed the Stale label Jan 29, 2024