geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-4523) Security Realm based Group-Role Mapping
Date Sat, 07 Feb 2009 09:01:02 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-4523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671430#action_12671430
] 

David Jencks commented on GERONIMO-4523:
----------------------------------------

Something went wrong with my commt in rev 741679 and a lot of unintentional modifications
got committed.  This has been fixed in revs
741766,
741822
and
741858

I apologize for any problems this may have caused.

> Security Realm based Group-Role Mapping
> ---------------------------------------
>
>                 Key: GERONIMO-4523
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4523
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: security
>            Reporter: J├╝rgen Weber
>            Assignee: David Jencks
>
> For secured applications you currently need a Geronimo-specific deployment plan which
defines among others a mapping of realm groups onto JEE roles. This goes against the spirit
of EJB3 which replaces deployment descriptors with annotations.
> It would be desirable to be able to run a standard-conforming JEE application under container
security without the need for Geronimo-specific deployment plans.
> But this raises the need of another mean to specify Group-Role Mapping. I suggest that
this can be specified at the security-realm level. A realm should be linked to a mapping (n:1
mapping, several realms should potentially use the same mapping). There should be a default
identity mapping, if you have several thousands of users in LDAP.
> Mappings should be definable via console.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message