This week's book giveaway is in the OCMJEA forum.
We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line!
See this thread for details.
The moose likes Glassfish and the fly likes Security constraints, security roles and custom OpenID authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Products » Glassfish
Bookmark "Security constraints, security roles and custom OpenID authentication" Watch "Security constraints, security roles and custom OpenID authentication" New topic
Author

Security constraints, security roles and custom OpenID authentication

Jonathan Smiths
Greenhorn

Joined: Jan 29, 2010
Posts: 15
I'm building a JEE6 project on a Glassfish server and I'm trying to authenticate in the following way:

-Use the JOpenId library to authenticate with Google Server
-Redirect to a servlet that requests Google Oauth2 access
-Redirect to a JSF index page that is restricted to authenticated users.

I could manually build authentication in every single webservice, web servlet and JSF page, but it's easy to forget this security rules, so I'd prefer to use a security mapping in web.xml.
As far as I can see however, the build in security provider is pretty limited to custom programmatic authentication. I don't want to use the predefined "form" authentication of Glassfish either, because I'm already using openid.
I'm trying to achieve something like this, but without form login.
http://stackoverflow.com/questions/9082208/programmatically-add-roles-after-authentication
When I try to edit an javax.security.auth.Subject object, it throws me a 'subject is read-only' error.

Any help on this one?
Ashish Agre
Ranch Hand

Joined: Jan 22, 2011
Posts: 73

HI Jonathan... i am using form login. But on top of that i want to use jopenid. Can this be possible.
Thanks


| B.E IT | SCJP 6.0 98 % |
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Security constraints, security roles and custom OpenID authentication