File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Glassfish and the fly likes Security constraints, security roles and custom OpenID authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Glassfish
Bookmark "Security constraints, security roles and custom OpenID authentication" Watch "Security constraints, security roles and custom OpenID authentication" New topic
Author

Security constraints, security roles and custom OpenID authentication

Jonathan Smiths
Greenhorn

Joined: Jan 29, 2010
Posts: 15
I'm building a JEE6 project on a Glassfish server and I'm trying to authenticate in the following way:

-Use the JOpenId library to authenticate with Google Server
-Redirect to a servlet that requests Google Oauth2 access
-Redirect to a JSF index page that is restricted to authenticated users.

I could manually build authentication in every single webservice, web servlet and JSF page, but it's easy to forget this security rules, so I'd prefer to use a security mapping in web.xml.
As far as I can see however, the build in security provider is pretty limited to custom programmatic authentication. I don't want to use the predefined "form" authentication of Glassfish either, because I'm already using openid.
I'm trying to achieve something like this, but without form login.
http://stackoverflow.com/questions/9082208/programmatically-add-roles-after-authentication
When I try to edit an javax.security.auth.Subject object, it throws me a 'subject is read-only' error.

Any help on this one?
Ashish Agre
Ranch Hand

Joined: Jan 22, 2011
Posts: 73

HI Jonathan... i am using form login. But on top of that i want to use jopenid. Can this be possible.
Thanks


| B.E IT | SCJP 6.0 98 % |
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Security constraints, security roles and custom OpenID authentication
 
Similar Threads
unable to retrieve value from session in a jsp/java web app
Redirect to the requested page failed using form-based authentication
Web app Security Confusion
Custom Authentication & Authorization
Problem with direct access to login form