Friday, 8 April 2011

JDBC Realm in Glassfish

Following the Java EE 6 Tutorial, I discovered how to secure the application server.
In particular, I need an authentication mechanism to identify users and give them access to specific resources. In my project there are 3 kinds of users: customers, instructors and the agency (the admin/superuser in this case). This means that we have 3 different roles with different privileges. A role is declared in the web.xml file, in the following way:

<security-role>
   <description>User role</description>
   <role-name>USER</role-name>
</security-role>

The mapping between users and roles is specified in the sun-web.xml file, as follows:

<security-role-mapping>
   <role-name>USER</role-name>
   <group-name>customer</group-name>
</security-role-mapping>

For my requirements the best solution is to configure a realm, which is a complete database of users and groups that identify valid users of a web application and are controlled by the same authentication policy. Configuring a JDBC Realm on Glassfish is pretty simple. I followed this link, which is a bit old but suitable for our purposes. In the Glassfish administration console, go to Configurations, Security and Realms, then add a new Realm.

These are the values of my SnowInstructionsRealm:

Realm Name: SnowInstructionsRealm
Class Name: com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm
JAAS Context: jdbcRealm
JNDI: jdbc/snowinstructions
User Table: user
User Name Column: email
Password Column: password
Group Table: user
Group Name Column: groupid
Digest Algorithm: none

It's important to note that the users' credentials and their corresponding role are saved in the same table (user). Also, each user can be mapped to only one group (agency, instructor or customer), which is the best choice in this case. Moreover, the passwords are stored in clear text in the database (Digest Algorithm is set to none) in order to simplify the project in its initial phases. Maybe before the final delivery I will add MD5 support. If you don't enter any value, this option will be the default one.
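As an added example (not code from the original post or from GlassFish): once Digest Algorithm is changed from none, the password column has to hold the digest of each password instead of the clear text, otherwise existing logins stop matching. The sketch below computes that column value and shows the mismatch, assuming the realm uses hex encoding and UTF-8; the class name, e-mails and passwords are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class RealmPasswordDigest {

    /** Hex-encoded digest of the password: the value assumed for the password column. */
    static String digestHex(String algorithm, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] hash = md.digest(password.getBytes(StandardCharsets.UTF_8)); // assumption: UTF-8
        StringBuilder sb = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            sb.append(String.format("%02x", b)); // assumption: hex encoding, lower case
        }
        return sb.toString();
    }

    /** True if the stored column value equals the digest of the typed password. */
    static boolean matches(String algorithm, String typed, String stored) throws NoSuchAlgorithmException {
        byte[] expected = digestHex(algorithm, typed).getBytes(StandardCharsets.US_ASCII);
        byte[] actual = stored.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual); // comparison without early exit
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample rows: email -> clear-text password, as stored with "none".
        Map<String, String> rows = new LinkedHashMap<>();
        rows.put("customer@example.com", "s3cret-Pass");
        rows.put("instructor@example.com", "sn0w-Teach");

        for (String algorithm : new String[] {"MD5", "SHA-256"}) {
            for (Map.Entry<String, String> row : rows.entrySet()) {
                String clear = row.getValue();
                String migrated = digestHex(algorithm, clear);
                System.out.printf("%s %s -> %s%n", algorithm, row.getKey(), migrated);
                // A column still holding clear text no longer matches; the migrated one does.
                System.out.println("  clear-text column accepted: " + matches(algorithm, clear, clear));
                System.out.println("  migrated column accepted:   " + matches(algorithm, clear, migrated));
            }
        }
    }
}
```

The password column must be wide enough for the chosen digest in hex: 32 characters for MD5, 64 for SHA-256.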
