GlassFish LDAP configuration for groups


I use an LDAP Realm in GlassFish for authentication and want to map the groups with JAAS to roles, usable in JSF. There are two groups, ADMIN and USER. My question is how to configure GlassFish correctly to allow both groups to log in and map them to different roles.

The current configuration is as follows (all-caps words are substitutions for the real values):

Directory:     ldap://SERVER:389
Base DN:       ou=USERS,o=COMPANY
Assign Groups: Authenticated

Inside the LDAP user object, the group is in a groupMembership attribute like this:

groupMembership: cn=ADMIN/USER,ou=GROUPS,ou=FOOBAR,o=COMPANY

The current mapping is:

<security-role-mapping>
    <role-name>Authenticated</role-name>
    <group-name>Authenticated</group-name>
</security-role-mapping>

I only need the users of the ADMIN group to have another role, which enables me to give them access to a restricted area of my JSF application, that simply "Authenticated" users have no access to.
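
An added configuration sketch, not part of the original question: one way to keep "Authenticated" for every user while giving only ADMIN members a separate role. It assumes the group entries live under ou=GROUPS,ou=FOOBAR,o=COMPANY (taken from the groupMembership value above) and list their members by DN in a `member` attribute; the realm name `ldapRealm`, the role name `Admin` and the `/admin/*` path are hypothetical.

```xml
<!-- domain.xml: LDAP realm (realm name is hypothetical) -->
<auth-realm name="ldapRealm"
            classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
  <property name="directory" value="ldap://SERVER:389"/>
  <property name="base-dn" value="ou=USERS,o=COMPANY"/>
  <property name="jaas-context" value="ldapRealm"/>
  <!-- Where group entries are searched (from the groupMembership DN) -->
  <property name="group-base-dn" value="ou=GROUPS,ou=FOOBAR,o=COMPANY"/>
  <!-- Assumption: groups reference users via "member"; %d is the user DN.
       The realm default is uniquemember=%d. -->
  <property name="group-search-filter" value="member=%d"/>
  <!-- Every authenticated user still receives this group -->
  <property name="assign-groups" value="Authenticated"/>
</auth-realm>

<!-- glassfish-web.xml: the group name is the cn of the matched group entry -->
<security-role-mapping>
  <role-name>Authenticated</role-name>
  <group-name>Authenticated</group-name>
</security-role-mapping>
<security-role-mapping>
  <role-name>Admin</role-name>   <!-- hypothetical role name -->
  <group-name>ADMIN</group-name>
</security-role-mapping>

<!-- web.xml: only the Admin role reaches the restricted area -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted area</web-resource-name>
    <url-pattern>/admin/*</url-pattern>   <!-- hypothetical path -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>Admin</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>Authenticated</role-name>
</security-role>
<security-role>
  <role-name>Admin</role-name>
</security-role>
```

If the directory records membership only on the user object (groupMembership) and not on the group entry, the group search filter above will match nothing and the Admin role will never be granted, so the restricted area fails closed.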
