geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (GERONIMO-4523) Security Realm based Group-Role Mapping
Date Sat, 31 Jan 2009 08:04:59 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-4523?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Jencks reassigned GERONIMO-4523:
--------------------------------------

    Assignee: David Jencks

> Security Realm based Group-Role Mapping
> ---------------------------------------
>
>                 Key: GERONIMO-4523
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4523
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: security
>            Reporter: J├╝rgen Weber
>            Assignee: David Jencks
>
> For secured applications you currently need a Geronimo-specific deployment plan which
defines among others a mapping of realm groups onto JEE roles. This goes against the spirit
of EJB3 which replaces deployment descriptors with annotations.
> It would be desirable to be able to run a standard-conforming JEE application under container
security without the need for Geronimo-specific deployment plans.
> But this raises the need of another mean to specify Group-Role Mapping. I suggest that
this can be specified at the security-realm level. A realm should be linked to a mapping (n:1
mapping, several realms should potentially use the same mapping). There should be a default
identity mapping, if you have several thousands of users in LDAP.
> Mappings should be definable via console.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message