JAAS, Glassfish and Microsoft Active DirectoryPosted: 08/21/2014
I recently had to develop an internal Java EE Web application that made use of Microsoft Active Directory, through Java Authentication and Authorization Service (JAAS), as its security mechanism. The program must be deployed in a Glassfish 4.0 application server.
I don’t want to write the same post that other people have written before, so here you have a link to a tutorial written by Marcel Gascoyne, who explains clearly the setup that it is needed. The reason why I’m writing about this issue is because I had to make a change in Marcel’s configuration: with the JVM option -Djava.naming.referral=follow, my system didn’t retrieve the groups membership of the user authenticated, I put the option as a LDAP realm property instead. Once more stackoverflow.com was key to solve the problem.
Finally, I’d like to comment that I couldn’t setup the LDAP realm through Glassfish Web admin console because I got sintax errors with the character “=”, so I had to modify the file domain.xml directly. Another question is how to enable logging on the security system, it’s easy in theory but I couldn’t do it. I found this thread in stackoverflow.com, but I didn’t figure out the logger name.