I have been using Java for many years; however, I have never used the security features of Java EE or used EJB. In an effort to understand the concepts, I went through the tutorial for Java EE 6 and am currently trying to build an application. For authentication, I understand that the users would be created in the Glassfish server through the admin interface; however, I am confused regarding this approach. I am used to using the security via a database, for instance creating a user and a role table in the database. This way the related tables in the database can know the userid and its roles. I would like to try to use the security approach as it is described in the tutorial in an effort to educate myself.
I am confused about how the user that is created on a Glassfish server would be associated with a user-defined database. For instance, let's take a simple relationship of a user and an address book. There would be a userid that would connect both tables. If the users are created on a Glassfish server, how would the user-defined database use this information? I would think that there should be a users table created in the user-defined database. If that is the case, how would the users in the Glassfish server keep in sync with the users in the database? We create/edit/delete users in the Glassfish server, so if using this approach, how would the same information get synced up with the users table in the database? The second approach that I would think of is not to create a users table in the database and to pass the user id to the address bean while performing updates. However, I am not comfortable with this approach, as the userid that would be in the address table would not be checked against any constraints, since it would not be a foreign key.
Another confusion is how one would create a user interface for a user to reset a password if the user is on the Glassfish server?
Am I on the right track or am I completely missing the point?
Thanks for reading this and any feedback would greatly be appreciated.
I have not implemented the File, Database or the LDAP Realm - but have first-hand experience with the Certificate Realm-based authentication in Glassfish, so I can provide some pointers that might help.
Each authentication Realm in Glassfish has "hooks" that allow it to communicate with other authentication sources. With the Database Realm, you essentially configure JDBC drivers for that DB and provide information that allows GF to authenticate users against the DB. With the LDAP Realm, you configure the LDAP connection parameters so that GF can authenticate users against LDAP.
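
Added example, not part of the original answer or of GlassFish's own documentation: a schema sketch showing how a Database (JDBC) Realm can read the same users table that the application's address book references, so there is no second user store to synchronize and the foreign key is enforced. All table names, column names and sample values are assumptions constructed for illustration; the realm would be pointed at them through its user-table, user-name-column, password-column, group-table and group-name-column properties.

```sql
-- Constructed schema: every table and column name here is an assumption.

-- Table the realm authenticates against (realm properties user-table,
-- user-name-column, password-column would name these).
CREATE TABLE users (
    username VARCHAR(64)  NOT NULL PRIMARY KEY,
    password VARCHAR(128) NOT NULL   -- password digest, never the clear text
);

-- Table the realm reads group membership from (group-table, group-name-column).
CREATE TABLE user_groups (
    username  VARCHAR(64) NOT NULL,
    groupname VARCHAR(64) NOT NULL,
    PRIMARY KEY (username, groupname),
    FOREIGN KEY (username) REFERENCES users (username) ON DELETE CASCADE
);

-- Application data: the owner column is a real foreign key to the same
-- users table the server authenticates against.
CREATE TABLE address_book (
    id     INTEGER      NOT NULL PRIMARY KEY,
    owner  VARCHAR(64)  NOT NULL,
    street VARCHAR(255) NOT NULL,
    city   VARCHAR(128) NOT NULL,
    FOREIGN KEY (owner) REFERENCES users (username) ON DELETE CASCADE
);

-- Constructed sample rows; the digest values are placeholders.
INSERT INTO users (username, password)
VALUES ('alice', '<digest-of-password>');
INSERT INTO user_groups (username, groupname)
VALUES ('alice', 'USER');
INSERT INTO address_book (id, owner, street, city)
VALUES (1, 'alice', '1 Example Street', 'Exampletown');

-- Rejected by the foreign key: 'mallory' is not a row in users.
-- INSERT INTO address_book (id, owner, street, city)
-- VALUES (2, 'mallory', '2 Example Street', 'Exampletown');

-- A password reset screen becomes an ordinary UPDATE issued by the
-- application, storing the digest in the format the realm is configured for.
UPDATE users SET password = '<digest-of-new-password>'
WHERE username = 'alice';

-- Rows for the authenticated caller: bind ? to the container-supplied
-- principal name, never to a user id taken from request parameters.
SELECT id, street, city FROM address_book WHERE owner = ?;
```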