I can't find out how to get roles from a database (JDBC) for a user authorised with Kerberos. Kerberos login works OK but the user doesn't have any roles. I used spnego-r7 to run Kerberos - http://spnego.sourceforge.net/index.html I can't find any tutorial or advice on how to do it. Do you have any idea or example?
This is your task, not Kerberos'. Kerberos is solely authentication. When the user principal is passed from the response, look that up in your JDBC realm and retrieve your roles. This means that it is a two-step process.
You can (1) handle user groups in a non-container managed way (i.e. in your application) or (2) try to tie into the container specific security mechanism. I haven't successfully tapped into Glassfish security for assigning groups, but it appears you must create at least two classes: one that extends com.sun.appserv.security.AppservRealm, and one that extends com.sun.appserv.security.AppservPasswordLoginModule. The former has a method named getGroupNames which takes a username as a parameter and the latter has a method named commitUserAuthentication which takes an array of group names. Unfortunately it isn't clear how it is supposed to work and seems poorly documented. More information here: http://docs.oracle.com/cd/E19226-01/820-7695/beabs/index.html and here: https://blogs.oracle.com/nithya/entry/groups_in_custom_realms
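Added example, not part of the original answers and not code from the spnego project: a sketch of the application-managed approach (the second step of the two-step process), mapping an already-authenticated Kerberos principal to roles with a parameterized JDBC query. The class name, the user_roles table and its columns, and the realm value are assumptions for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.sql.DataSource;

public final class KerberosRoleLookup {
    // Hypothetical schema: user_roles(username VARCHAR, role_name VARCHAR)
    private static final String ROLE_QUERY =
            "SELECT role_name FROM user_roles WHERE username = ?";

    private final DataSource dataSource;
    private final String expectedRealm; // e.g. "EXAMPLE.COM" (constructed value)

    public KerberosRoleLookup(DataSource dataSource, String expectedRealm) {
        this.dataSource = dataSource;
        this.expectedRealm = expectedRealm;
    }

    /** Strips "@REALM"; returns null for a missing name or an unexpected realm. */
    static String shortName(String principal, String expectedRealm) {
        if (principal == null || principal.isEmpty()) return null;
        int at = principal.lastIndexOf('@');
        if (at < 0) return principal;               // already a short name
        if (at == 0 || !principal.substring(at + 1).equals(expectedRealm)) return null;
        return principal.substring(0, at);
    }

    /** Roles for an already-authenticated principal; an empty set means no access. */
    public Set<String> rolesFor(String principal) throws SQLException {
        String user = shortName(principal, expectedRealm);
        if (user == null) return Collections.emptySet();   // fail closed
        Set<String> roles = new HashSet<>();
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(ROLE_QUERY)) {
            ps.setString(1, user);                  // bound parameter, never concatenated
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) roles.add(rs.getString(1));
            }
        }
        return Collections.unmodifiableSet(roles);
    }

    public boolean hasRole(String principal, String role) throws SQLException {
        return rolesFor(principal).contains(role);
    }
}
```

Call rolesFor with the name the application receives after the Kerberos login (for example from the standard HttpServletRequest.getRemoteUser()), and only on requests that have already passed authentication; the lookup itself proves nothing about identity.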