...

To manage that property, we rely on the Tomcat Realm mechanisms. However, no existing realm satisfied our needs, which are to perform authentication either on a remote LDAP/AD or on our Cassandra, and to perform authorization on our Cassandra (and Solr for the search part, but this is another story). This is why we created CustomCombinedRealm and a user data model in our Cassandra.

CustomCombinedRealm is a class that belongs to the package com.francelabs.datafari.realm.

...

We developed this class to retrieve the roles of a user from our Cassandra database, and to authenticate the user either against AD/LDAP or against Cassandra. That means that even if we use LDAP for authentication, we get the corresponding roles from Cassandra and not from LDAP.

The process is as follows:

  • We start by requesting an authentication in Cassandra.
  • In case of success, we get the corresponding roles from it; if it fails, we use LDAP for authentication.
  • If the LDAP authentication succeeds, we then get the roles from Cassandra; if it fails, we return an error to the user.
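
The decision flow listed above, as an added example that is not Datafari's CustomCombinedRealm code: the two predicates and the role map are hypothetical stand-ins for CassandraRealm, JNDIRealm and the Cassandra user data model, and the accounts and role names are constructed. It assumes Java 16 or later (for `record`).

```java
import java.util.Map;
import java.util.Set;
import java.util.function.BiPredicate;

// Added illustration, not Datafari's CustomCombinedRealm. The two predicates and
// the role map are hypothetical stand-ins for CassandraRealm, JNDIRealm and the
// Cassandra user data model.
public class CombinedAuthFlow {
    record AuthResult(String user, String authenticatedBy, Set<String> roles) {}

    private final BiPredicate<String, String> cassandraAuth;
    private final BiPredicate<String, String> ldapAuth;
    private final Map<String, Set<String>> cassandraRoles;

    CombinedAuthFlow(BiPredicate<String, String> cassandraAuth,
                     BiPredicate<String, String> ldapAuth,
                     Map<String, Set<String>> cassandraRoles) {
        this.cassandraAuth = cassandraAuth;
        this.ldapAuth = ldapAuth;
        this.cassandraRoles = cassandraRoles;
    }

    /** Returns null when both back ends reject the credentials. */
    AuthResult authenticate(String user, String password) {
        // Choice made in this example: refuse blank credentials before any back end
        // sees them, since an LDAP simple bind with an empty password can succeed
        // as an unauthenticated bind.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) return null;
        String source;
        if (cassandraAuth.test(user, password)) source = "cassandra";   // step 1
        else if (ldapAuth.test(user, password)) source = "ldap";        // step 2: fallback
        else return null;                                               // both failed
        // Step 3: roles come from Cassandra whichever back end authenticated the user;
        // an LDAP user without a Cassandra entry gets no roles rather than LDAP groups.
        return new AuthResult(user, source, cassandraRoles.getOrDefault(user, Set.of()));
    }

    public static void main(String[] args) {
        // Constructed sample accounts and role names.
        Map<String, String> localPw = Map.of("admin", "local-secret");
        Map<String, String> ldapPw = Map.of("jdoe", "ldap-secret", "guest", "guest-secret");
        Map<String, Set<String>> roles = Map.of("admin", Set.of("role-admin"), "jdoe", Set.of("role-search"));
        CombinedAuthFlow realm = new CombinedAuthFlow(
                (u, p) -> p.equals(localPw.get(u)), (u, p) -> p.equals(ldapPw.get(u)), roles);
        System.out.println(realm.authenticate("admin", "local-secret"));
        System.out.println(realm.authenticate("jdoe", "ldap-secret"));
        System.out.println(realm.authenticate("guest", "guest-secret"));
        System.out.println(realm.authenticate("jdoe", "wrong"));
    }
}
```

The `guest` case is the one to check in a deployment: the user authenticates through LDAP but holds no roles until an entry exists in Cassandra.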

...

As shown above, CustomCombinedRealm communicates with the two realms: CassandraRealm and JNDIRealm (the AD/LDAP realm). Each of these classes communicates with its own database, checks whether the authentication succeeded, and returns the response to CustomCombinedRealm.

...