Authentication in Java EE


3

I am developing an app whose client will be HTML5 + JavaScript (a single-page app) and whose backend will basically be JAX-RS + CDI + NoSQL (GlassFish & OrientDB). In this scenario, I need help to clarify how to authenticate users.

The user data is in the OrientDB database. I know I have to create an algorithm to connect to the DB and validate the user credentials, but for this, must I create a custom Realm and a LoginModule of my own?

1 answer

2


On an application server like GlassFish or JBoss we could solve this using standard security mechanisms. All you need to do is create a connection pool and a JDBC Realm, and implement form authentication.

Form:

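<form method="POST" action="j_security_check">
  <input type="text" name="j_username">
  <input type="password" name="j_password">
  <!-- Submit button so the form can be posted without JavaScript -->
  <input type="submit" value="Login">
</form>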

Example of web.xml

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>jdbcRealm</realm-name>
    <form-login-config>
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/login.xhtml</form-error-page>
    </form-login-config>
</login-config>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure Pages</web-resource-name>
        <description/>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADMINS</role-name>
    </auth-constraint>
</security-constraint> 

That said, this authentication model may not be enough. Frameworks such as Spring Security and Apache Shiro are commonly used in web applications to provide more complete and flexible authentication and authorization implementations.

  • +1 for displaying options. The JDBC OrientDB driver is outdated. I also don’t see how to create a pool for it in the app server. I don’t think this will work. The frameworks look interesting, but is there a way to integrate them into Java EE without having to migrate to Spring?

  • André, there is. You don’t need to use Spring in the rest of your application (and Apache Shiro is also standalone). About the OrientDB driver, I really don’t have the answer, but with the pool there should be no problem (just include the driver in the classpath and configure it via the console). Since the operations are very sloppy (select by user, password and roles of a certain user), maybe the fact that the driver is old does not have a great impact... Even so, I recommend the frameworks (there will come a time when you will need some more advanced feature and it will be missed :).

  • Thank you, Anthony! If anyone wants to create their own authentication mechanism in GlassFish 4, know that it’s easier than it looks. Here’s the official reference and an example that can help.
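
The web.xml from the answer, extended into a hardened descriptor. This is an added example, not part of the original answer or comments: it keeps the answer's realm, page and role names, and adds transport and session-cookie settings that FORM authentication needs so that j_password and the session ID are never sent over plain HTTP. The 15-minute session timeout is an assumed value.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

    <!-- FORM login exactly as in the answer; jdbcRealm must exist on the server. -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>jdbcRealm</realm-name>
        <form-login-config>
            <form-login-page>/login.xhtml</form-login-page>
            <form-error-page>/login.xhtml</form-error-page>
        </form-login-config>
    </login-config>

    <!-- No auth-constraint here: every URL stays public but is redirected to
         HTTPS, which covers login.xhtml and the POST to j_security_check. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Whole application over TLS</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- The most specific pattern wins, so /admin/* must repeat the transport
         guarantee instead of relying on the /* constraint above. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure Pages</web-resource-name>
            <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint><role-name>ADMINS</role-name></auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Roles used in an auth-constraint should be declared. -->
    <security-role><role-name>ADMINS</role-name></security-role>

    <!-- Session ID only in a cookie (never in the URL), hidden from script, TLS only. -->
    <session-config>
        <session-timeout>15</session-timeout> <!-- assumed value, in minutes -->
        <cookie-config><http-only>true</http-only><secure>true</secure></cookie-config>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
</web-app>
```

On GlassFish the ADMINS role must also be mapped to a realm group, either in glassfish-web.xml or by enabling the server's default principal-to-role mapping.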
