PAM Identity Store
Since Payara Server 5.194
The Payara API provides a @PamIdentityStoreDefinition annotation that creates an identity store to authenticate users against the PAM realm.
Usage
The PAM realm identity store is defined through the @PamIdentityStoreDefinition annotation.
Placing the annotation in any location that the Jakarta EE Security API considers valid creates the identity store.
In practice this often means that any class is a valid location.
If no PAM realm with the defined name is found, a new PAM realm is registered on the server using the create-auth-realm asadmin command.
Otherwise, the existing PAM realm instance is used to authenticate the users.
Example
The following code sample illustrates how to configure a PAM realm identity store:
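```java
@ApplicationScoped
@ApplicationPath("/rest")
@DeclareRoles({ "a", "b" })
// HTTP Basic authentication; credentials are validated by the identity store below
@BasicAuthenticationMechanismDefinition(realmName = "pam-realm")
// Identity store backed by the PAM realm named "pam-realm"
@PamIdentityStoreDefinition("pam-realm")
public class MyRestApp extends Application {
}
```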
Configuration
The PAM realm identity store can be configured with both @PamIdentityStoreDefinition annotation attributes and MicroProfile Config properties.
The available configuration options are detailed below.
| Option | MP Config property | Description | Default | Required |
|---|---|---|---|---|
| | | The name of PAM realm. | | true |
| | | The users are assigned membership to these groups for the purposes of authorization decisions. | | |
| | | The JAAS Context of PAM realm. | | |
Note: If both an annotation attribute and a MicroProfile Config property are defined for the same option, then the MicroProfile Config property value always takes precedence over the @PamIdentityStoreDefinition annotation value.