My application currently relies on JDBC realm authentication. Recent needs have forced us to think about having LDAP authentication as well. We are thinking about using Active Directory for both authentication as well as authorization (roles). As a standalone test, I was able to authenticate my application with AD. But here is the confusion I have going forward.
If the user chooses LDAP authentication when he logs in, I authenticate the user with AD, get the user's roles and do I replicate(create a new) windows user in my database?. I have to have the user in the database, because many parts of the application is designed to retrieve the user from database
If the users chooses local login, I still should have JDBCRealm somewhere that I should use to authenticate the user. Is it possible to have multiple realms in tomcat? (I sort of know it is possible, but havent seen much documentation around it)
Any thoughts, comments, suggestions would immensely help me
Thanks K