geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan D. Cabrera" <>
Subject RE: [security] Authentication mechanism
Date Thu, 27 Nov 2003 20:05:23 GMT
All the roles and permissions are in the web.xml.  What do you mean by
the dynamic
granting of roles to users?

	-----Original Message----- 
	From: Jan Bartel 
	Sent: Thu 11/27/2003 3:51 AM 
	Subject: Re: [security] Authentication mechanism

	Just to add to my list of questions ...
	How does the current mechanism implemented in cope with the
	granting of roles to users? Looks like it is all set in concrete
at the
	time of the commit(), or are the roles and permissions concerned
	described in the web.xml?
	thanks again
	Jan Bartel wrote:
	> I'm just taking a look at integrating the web tier security
	> Geronimo security. I've got a couple of questions:
	> 1.  When/who should call setMBeanServer on the
	>     GeronimoLoginConfiguration? Should I call it
	>     just before doing a LoginContext login() call?
	> 2.  What code is responsible for configuring the SecurityRealm
	>     instances? Should they be configurable from the
	>     security-service.xml file?
	> 3.  I still can't work out where the mapping of the user's
	>     that are retrieved by the SecurityRealm are turned into
	>     suitable for a HttpRequest.isUserInRole() call impl?
	> Any pointers on any of these would be welcome.
	> thanks
	> Jan

View raw message