Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 16375 invoked from network); 6 Feb 2006 17:38:44 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 6 Feb 2006 17:38:44 -0000 Received: (qmail 10054 invoked by uid 500); 6 Feb 2006 17:38:39 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 9924 invoked by uid 500); 6 Feb 2006 17:38:38 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 9853 invoked by uid 99); 6 Feb 2006 17:38:38 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Feb 2006 09:38:38 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of ammulder@gmail.com designates 66.249.92.194 as permitted sender) Received: from [66.249.92.194] (HELO uproxy.gmail.com) (66.249.92.194) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Feb 2006 09:38:35 -0800 Received: by uproxy.gmail.com with SMTP id j3so72157ugf for ; Mon, 06 Feb 2006 09:38:14 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=YKJEXuzCzvz+tyDOfvcOum0OptvirnuvjpcAtNX6Ces8wdUJ0oaxJJcGSW+LEKtEPnJXt4h3c+lWqHDlqswja9+8rR4fOq7TJy24Ma+8cApRAR0kFGGKeyzNgDlnFBWvMVOz6A3SSG9wctmdSMx/pCKP+hrr7nyZFbU+a+pKXuo= Received: by 10.66.216.11 with SMTP id o11mr2330191ugg; Mon, 06 Feb 2006 09:38:13 -0800 (PST) Received: by 10.66.219.2 with HTTP; Mon, 6 Feb 2006 09:38:13 -0800 (PST) Message-ID: <74e15baa0602060938i32dca602p82d65f3f66fd04f6@mail.gmail.com> Date: Mon, 6 Feb 2006 12:38:13 -0500 From: Aaron Mulder Sender: ammulder@gmail.com To: dev@geronimo.apache.org Subject: Re: Default Security Principal & Role Mapping In-Reply-To: <26E27098-2B62-41B4-8248-E2B169ED03EF@yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <74e15baa0602060741h37e70bexa56d0b6bc56cbebf@mail.gmail.com> <26E27098-2B62-41B4-8248-E2B169ED03EF@yahoo.com> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Great. So my next question is CORBA. If a CORBA client calls in to an EJB, and we have it configured to accept principals the caller provides (see below) then does role mapping (as configured in openejb-jar.xml) apply to the principals we grant the CORBA caller? If so, do they need qualifying roles for the EJB they're actually invoking, or just for calls out to other EJBs from there? Thanks, Aaron On 2/6/06, David Jencks wrote: > Assuming the principal classes are the same, the unauthenticated user > if given the admin role. > > IIUC Simon wants to make the default subjects generated by actual > login, which might make this point a bit clearer. > > > thanks > david jencks > > On Feb 6, 2006, at 7:41 AM, Aaron Mulder wrote: > > > If I have a security configuration block like this, is an > > unauthenticated user given the Admin role? Or does role mapping > > ignore the default principal? > > > > Thanks, > > Aaron > > > > > > > > > > > > > > > > > > > > > > > >