User/group implementation compatible with JAAS

I plan to create a Java EE application in which, obviously, there will be users, groups and rights. As this application is all new, I'll use Java EE 6 and EJB security annotations : @RolesAllowed, @DeclareRoles, ...

In this context, I'm looking for a way to implement simply the users/groups/roles management. So, is there any lib I could plug in my webapp that would allow me to create users, groups and assign them roles ? Or will i have to do all that job by myself ?

EDIT From w开发者_如何学运维hat I've discovered, this can be achieved using a JDBC Realm. More specifically, using as an example Flexible JDBC Realm, all I have to do is to declare Users/Groups in my application, then bind them to that realm. Am I right ?

Maybe you can try LDAP directory (e.g. OpenDS). It's quite easy to setup LDAP JAAS realm on Glassfish and you can manage groups and users externally then. If you wan't to implement it in database you can use JDBC realms and configure them to work on your application's schema. You will have to manage users and groups on your own but it's possible to configure provided JAAS modules and you usually don't have to write your own.

Turned out there is no real JavaEE spec for that : if the realm definition is covered by JavaEE spec, most of the realm code is specific to both application server and underlying storage system.