Message-ID: <1423239413.1232966759584.JavaMail.jira@brutus>
Date: Mon, 26 Jan 2009 02:45:59 -0800 (PST)
From: Jürgen Weber (JIRA)
To: dev@geronimo.apache.org
Subject: [jira] Created: (GERONIMO-4523) Security Realm based Group-Role Mapping

Security Realm based Group-Role Mapping
---------------------------------------

Key: GERONIMO-4523
URL: https://issues.apache.org/jira/browse/GERONIMO-4523
Project: Geronimo
Issue Type: New Feature
Security Level: public (Regular issues)
Components: security
Reporter: Jürgen Weber

For secured applications you currently need a Geronimo-specific deployment plan which defines, among others, a mapping of realm groups onto JEE roles. This goes against the spirit of EJB3, which replaces deployment descriptors with annotations.

It would be desirable to be able to run a standard-conforming JEE application under container security without the need for Geronimo-specific deployment plans.

But this raises the need of another means to specify Group-Role Mapping. I suggest that this can be specified at the security-realm level. A realm should be linked to a mapping (n:1 mapping, several realms should potentially use the same mapping). There should be a default identity mapping, if you have several thousands of users in LDAP.

Mappings should be definable via console.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.