Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
PAYARA-2598 Hook up Soteria Identity Stores to Payara Realms #4298
This is a feature request which provides an implementation of Identity Store mapped to realm.
Following annotations are used to trigger realm identity store and authentication mechanism implementation:
Existing Realm instance:
If the realm already exists (e.g default realm file, certificate, etc) in the server then following annotation can be used to create Identity Store mapping by proving the realm name:
Dynamic Realm instance:
The new instance of realm is created and registered using
Creates a new file realm instance and register it in DAS.
To configure the Client Certificate Authentication just by using the annotation on a CDI bean.
Creates a new certificate realm instance and register it in DAS.
Creates a new pam realm instance and register it in DAS.
Creates a new solaris realm instance and register it in DAS.
Test suites executed
JDK 1.8.0_172, Windows 10, Ubuntu 18.04.3 LTS (Pam realm manual testing), Oracle Solaris 11.4 (Solaris realm mock manual test)
You probably have already discussed this stuff but what happens when redeploying an application with a modified realm? Would you need to remove the realm before deploying the application again? how would that work in case two applications use the same realm name?
Crazy idea: when using
It depends on which attribute/property modified:
Not required, but If the realm already exist with the same name but different realm class then an exception is thrown and deployment fails.
The realm is managed by
Already did some POC on the application-scoped realms which are created on each deployment but the con is they cannot be managed from asadmin commands (or console) e.g
Nice work @jGauravGupta :) Happy to see this issue, which internally took quite some preparation, has now finally been picked-up.
One remark, I originally thought of creating a mapping to just whatever realm has been configured as the default already. It was even planned for being put in the spec, but we ran out of time.
This is essentially what