With Mongo-Realm you can store your users credentials directly in MongoDB with other data of your applicaton. Forget about setting up separate MySQL or LDAP server only for storing users data.
- download mongo-realm jar and put it in your glassfish domains lib folder (i.e.
$GLASSFISH_HOME/glassfish/domains/$DOMAINNAME/lib/) - at the end of
$GLASSFISH_HOME/glassfish/domains/$DOMAINNAME/config/login.conffile paste:
mongoRealm {
com.tadamski.glassfish.mongo.realm.MongoLoginModule required;
};
- create realm in glassfish using
asadmintool
asadmin create-auth-realm --classname com.tadamski.glassfish.mongo.realm.MongoRealm --property jaas-context=mongoRealm $REALM_NAME
- configure your applicaton to use newly created realm (in most cases few lines in
web.xmlwill be enough)
By default:
Mongo-Realm connects to localhost on 27017 and looks for data in users database in users collection. Informations about users are stored in separate documents [one user = one document]. Each document contains login, password simple string properties and groups with array of group names user belongs to. All passwords are hashed using SHA-512 function.
Salt property is appended to the password before hashing. For users without salt, it will be generated on the first login.
Custom configuration:
Of course defaults can be overriden. Simply add properties to realm created in 3rd step of Setup.
| Property name | Default value |
|---|---|
| mongo.hostname | localhost |
| mongo.port | 27017 |
| mongo.db.name | users |
| mongo.collection.name | users |
| login.property | login |
| salt.property | salt |
| password.property | password |
| groups.property | groups |
| hash.function | SHA-512 |