I'm building a JEE6 project on a Glassfish server and I'm trying to authenticate in the following way:
- Use the JOpenId library to authenticate with Google Server
- Redirect to a servlet that requests Google OAuth2 access
- Redirect to a JSF index page that is restricted to authenticated users.
I could manually build authentication in every single webservice, web servlet and JSF page, but it's easy to forget these security rules, so I'd prefer to use a security mapping in web.xml.
As far as I can see, however, the built-in security provider is pretty limited to custom programmatic authentication. I don't want to use the predefined "form" authentication of Glassfish either, because I'm already using OpenID.
I'm trying to achieve something like this, but without form login.
http://stackoverflow.com/questions/9082208/programmatically-add-roles-after-authentication
When I try to edit a javax.security.auth.Subject object, it throws me a 'subject is read-only' error.