geronimo-dev mailing list archives

From Jürgen Weber (JIRA) <>
Subject [jira] Created: (GERONIMO-4523) Security Realm based Group-Role Mapping
Date Mon, 26 Jan 2009 10:45:59 GMT
Security Realm based Group-Role Mapping

                 Key: GERONIMO-4523
             Project: Geronimo
          Issue Type: New Feature
      Security Level: public (Regular issues)
          Components: security
            Reporter: Jürgen Weber

For secured applications you currently need a Geronimo-specific deployment plan which defines,
among other things, a mapping of realm groups onto JEE roles. This goes against the spirit of EJB3,
which replaces deployment descriptors with annotations.
It would be desirable to be able to run a standard-conforming JEE application under container
security without the need for Geronimo-specific deployment plans.
But this raises the need for another means to specify Group-Role Mapping. I suggest that this
can be specified at the security-realm level. A realm should be linked to a mapping (n:1 mapping,
several realms should potentially use the same mapping). There should be a default identity
mapping, if you have several thousand users in LDAP.

Mappings should be definable via console.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
