EJB Authentication and Authorization

Question

Is there any way to extend the authentication operation which connects a client application to an EJB, using standard JAAS/container-based security? I'm looking for a way to use more than just a username to authenticate the user (in this case a domain name is also needed). Ideally I'd like to be able to use the SessionContext.getCallerPrincipal() to get access to both the username and the domain name in the EJB.

I'm using Glassfish, if that influences the answer at all. Do I need to create a custom login module/custom realm and what should it do?

Answer 1

Adding authentication mechanisms to an EJB Container is usually a vendor specific task. I don't believe there is a standard way to do it. For Glassfish though, I believe this article will help you set up a SAM (Serve Auth Module) that can handle the authentication in any way you need. http://blogs.oracle.com/enterprisetechtips/entry/adding_authentication_mechanisms_to_the

Keep in mind this is Glassfish specific.