Browsing 196 AuthConfigProviders with AJAX

JSR 196, Java Authentication SPI for Containers, defines SPI for providers plugging into containers for message authentication. It is currently under Proposed Final Draft (PFD) and GlassFish v2 (b40 rc or above) has an implementation of PFD of this JSR. On the other hand, AJAX is another new and exciting technology in the Web 2.0 area. In this blog, I will share my experience with you about constructing a web tool to browse 196 AuthConfigProviders registered in GlassFish by using AJAX tree.

I find that it is very helpful to use jMaki plugin in NetBeans 5.5.1. A jMaki widget can be created in a jsp application by simply drag-and-drop. A very good tutorial can be found in jMaki NetBeans 5.5 screencast.

In the following, I will outline steps to create my web application.

  1. Create a "Web Applicatons" project with name listacp using NetBeans as described in above screencast.
  2. Open index.jsp if it is not already open. Then drag and drop a "jMaki Yahoo Tree" from the left Palette to the jsp. And the following code will be generated in the jsp:

      <a:ajax name="yahoo.tree"/>

    This will create a AJAX Tree with the default data.

  3. We would like to construct the tree using data in JSON format from GlassFish server. In our case, the data is coming from acpdata.jsp. We need to modify the above as follows:

      <a:ajax name="yahoo.tree" service="/acpdata.jsp"/>

  4. In acpdata.jsp, we need to get a complete list of AuthConfigProvider. This can achieved by getting a complete list of registration ID first.

      AuthConfigFactory factory = AuthConfigFactory.getFactory();
      if (factory != null) {
        String[] regisIDs = factory.getRegistrationIDs(null);

    And for each registration ID, we can get RegistrationContext and AuthConfigProvider as follows:

      RegistrationContext regContext = factory.getRegistrationContext(regisID);
      if (regContext != null) {
        String layer = regContext.getMessageLayer();
        String appContext = regContext.getAppContext();
        AuthConfigProvider provider = factory.getConfigProvider(layer, appContext, null);

  5. Then we need to output the data in corresponding JSON format. An example of the format from corresponding source of the Yahoo Tree Widget can be found in jMaki Widget Gallery. For instance, in our case, acpdata.jsp outputs the data as

      { root: {
        title: '196 factory:',
        expanded: 'true',
        children: [
          title: 'registrationID = __2SOAP',
          expanded: 'false',
          children: [
            { title: 'messageLayer = SOAP'},
            { title: 'appContext = null'},
            { title: 'description = WSIT AuthConfigProvider'},
            { title: 'persistent = false'},
            { title: 'provider = com.sun.xml.wss.provider.wsit.WSITAuthConfigProvider@14a8f44'}

  6. Protect the web application
    Since the list of AuthConfigProviders will reveal what has been deployed in the given GlassFish installation, we would like to protect this web application so that only users of asadmin group of admin-realm can access it. We can achieve this by:

    Adding security setting in web.xml through NetBeans by navigating the Web application on panel of NetBeans: Web Pages > WEB-INF, open web.xml, and click Security, and modifying it as follows:
      Login Configuration: Basic
      Realm Name: admin-realm

      Add Security Roles: admin

      Add Security Constraint
        Resource Name: secure resource
        URL Pattern(s): /\*

      Click on "Enable Security Constraint"
        Role Names: admin

    Then, adding the security-role-mapping to sun-web.xml through "Edit As XML" mode:


  7. If we package the war file and deploy, then we can access


    Enter your admin username and password. Everything works! The only drawback is the war file size is too big right now. In order to make it smaller, we have to remove unused AJAX libraries manually at this moment. (Try your best effort!) I hope the tool will only put in the required scripts in the future.

One can download my sample AJAX 196 AuthConfigProvider browser here. Note that we need to use a browser supporting AJAX (Firefox, Internet Explorer et al, not Mozilla 1.x) in order to run this example.

Thanks for the good example.

Posted by Dennis on March 23, 2007 at 12:03 PM PDT #

Today i will apply this code,I hope It will work in my project the way i am thinking this codec helpfull ,but i am looking for more of ur post regarding this kind of information.

Posted by Steve M. on September 21, 2007 at 04:05 PM PDT #

thanks for your sharing.

Posted by 天博 on January 30, 2008 at 12:24 AM PST #


Posted by define on June 03, 2008 at 01:48 AM PDT #

Thanks so much.

Posted by oyun on July 26, 2008 at 08:33 AM PDT #

Thank you

Posted by oyunlar on November 05, 2008 at 03:10 AM PST #

I like very much the writings and pictures and explanations in your adress so I look forward to see your next writings. I congratulate you.

Posted by North Cyprus Holiday on January 09, 2009 at 05:32 PM PST #

thanks for this post admin

Posted by oyunlar on January 13, 2009 at 05:30 AM PST #

Many women wish to enhance the size of their breast naturally. Some of them resort to breast enlargement pills. Women ho are hesitant to undergo breast implant surgery find it very appealing. Many women view breast enlargement pills as an easy and inexpensive way of increasing their breast size.

Posted by Breast Enlargement on February 20, 2009 at 03:54 AM PST #

Great site. I have found some info I need. Keep up!

Posted by sikiş on April 28, 2009 at 08:18 AM PDT #

Post a Comment:
Comments are closed for this entry.

Shing Wai Chan


« June 2016