Question

I'm having a problem with my web app (JSF+JPA). I deploy it on Glassfish (3.1.1). For authentication I must use AD with Kerberos (LDAP auth is not allowed in my organization). I created an SPNEGO filter for this. Then I use a local database to search for the authenticated user and read her/his profile, roles, etc. I mostly do all of the security checks by validating the user's session bean in a "rendered" attribute.

My question is: is it possible (in the described environment) to somehow set the current user's (principal?) roles automagically right after the authorization from data tables, so I could use container-managed security?

I can provide more code/configuration details if needed.

Solution

You have to use an Active Directory-driven realm which will retrieve all AD groups for the presented UserPrincipalName from Kerberos.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow