geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [jira] Commented: (GERONIMO-4523) Security Realm based Group-Role Mapping
Date Sat, 07 Feb 2009 09:01:02 GMT


David Jencks commented on GERONIMO-4523:

Something went wrong with my commt in rev 741679 and a lot of unintentional modifications
got committed.  This has been fixed in revs

I apologize for any problems this may have caused.

> Security Realm based Group-Role Mapping
> ---------------------------------------
>                 Key: GERONIMO-4523
>                 URL:
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: security
>            Reporter: J├╝rgen Weber
>            Assignee: David Jencks
> For secured applications you currently need a Geronimo-specific deployment plan which
defines among others a mapping of realm groups onto JEE roles. This goes against the spirit
of EJB3 which replaces deployment descriptors with annotations.
> It would be desirable to be able to run a standard-conforming JEE application under container
security without the need for Geronimo-specific deployment plans.
> But this raises the need of another mean to specify Group-Role Mapping. I suggest that
this can be specified at the security-realm level. A realm should be linked to a mapping (n:1
mapping, several realms should potentially use the same mapping). There should be a default
identity mapping, if you have several thousands of users in LDAP.
> Mappings should be definable via console.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message