Thursday Jan 29, 2009
Tuesday Jan 06, 2009
By monzillo on Jan 06, 2009
Friday Nov 07, 2008
By monzillo on Nov 07, 2008
- stop the application server (i.e., asadmin stop-domain)
- edit domain.xml and add or change the security-service element to define the attribute jacc="simple"
- restart the application server. (i.e, asadmin start-domain)
Tuesday Aug 19, 2008
By monzillo on Aug 19, 2008
Monday Aug 18, 2008
By monzillo on Aug 18, 2008
Tuesday Jan 22, 2008
By monzillo on Jan 22, 2008
- implementing a JSR 196 server authentication module (i.e., a SAM), and
- configuring the SAM as a message-security-provider via the Glassfish admin console, and
- binding the SAM for use by your application via sun-web.xml.
A SAM differs from a custom realm in that the SAM can control the HTTP authentication dialog, while a realm is typically used by a system controlling the dialog (such as a SAM) to validate or augment credentials extracted from the exchanged messages. JSR 196 is also used by (and available within) the client and server-side web service pipelines of the Glassfish METRO stack.[Read More]
Tuesday Jan 15, 2008
By monzillo on Jan 15, 2008
- configure the "assign.groups" property of the Glassfish realm used for the application. This can be accomplished by using the admin console. Login to the console and navigate to the realm specific configuration screen found under configuration => security => realms. In the "Assign Group:" input box on that screen, specify the name of the group principal that you want to be assigned by the realm.
- declare a role either within the corresponding portable deployment descriptor, or by using either the @declareRoles or @rolesAllowed annotations.
- map the assigned group principal to the declared role, as described in Principal 2 role mapping and Glassfish. If the default mapping is employed to map the group principal to the role, the name of the role must be equivalent to that of the assigned group. Otherwise, the role may be given any name.
Tuesday Dec 18, 2007
By monzillo on Dec 18, 2007
Friday Nov 16, 2007
By monzillo on Nov 16, 2007
- SEC5054: Certificate has expired
- How to Configure an Alternative Glassfish Container Policy Provider
- Java EE 6 and Servlet 3.0 Converge on Container Security Functionality
- Adding Pluggable Authentication to all Servlet 3.0 Containers
- Defining Security Constraints on Content under Glassfish Docroot
- Servlet 3.0: HTTP method exception lists in security constraints
- Prelude includes Portable, In-Memory JACC Provider
- Servlet security constraints - summary and recommendations
- Using JACC to determine a caller's roles
- Pluggable Authentication in the Glassfish Web Tier