geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jürgen Weber (JIRA) <j...@apache.org>
Subject [jira] Created: (GERONIMO-4523) Security Realm based Group-Role Mapping
Date Mon, 26 Jan 2009 10:45:59 GMT
Security Realm based Group-Role Mapping
---------------------------------------

                 Key: GERONIMO-4523
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4523
             Project: Geronimo
          Issue Type: New Feature
      Security Level: public (Regular issues)
          Components: security
            Reporter: Jürgen Weber


For secured applications you currently need a Geronimo-specific deployment plan which defines
among others a mapping of realm groups onto JEE roles. This goes against the spirit of EJB3
which replaces deployment descriptors with annotations.
It would be desirable to be able to run a standard-conforming JEE application under container
security without the need for Geronimo-specific deployment plans.
But this raises the need of another mean to specify Group-Role Mapping. I suggest that this
can be specified at the security-realm level. A realm should be linked to a mapping (n:1 mapping,
several realms should potentially use the same mapping). There should be a default identity
mapping, if you have several thousands of users in LDAP.

Mappings should be definable via console.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message