geronimo-dev mailing list archives

From "David Jencks (JIRA)" <>
Subject [jira] Commented: (GERONIMO-4523) Security Realm based Group-Role Mapping
Date Fri, 06 Feb 2009 19:10:59 GMT


David Jencks commented on GERONIMO-4523:

I don't think I have a complete solution for the flags but committed what I have so far in
rev 741679.  This restructures the security a lot to make the principal-role mapping much
more independent of the application.  I don't find any problems with this change so far but
it is pretty big so we should keep our eyes open.

> Security Realm based Group-Role Mapping
> ---------------------------------------
>                 Key: GERONIMO-4523
>                 URL:
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: security
>            Reporter: Jürgen Weber
>            Assignee: David Jencks
>
> For secured applications you currently need a Geronimo-specific deployment plan which
> defines among others a mapping of realm groups onto JEE roles. This goes against the spirit
> of EJB3 which replaces deployment descriptors with annotations.
> It would be desirable to be able to run a standard-conforming JEE application under container
> security without the need for Geronimo-specific deployment plans.
> But this raises the need of another means to specify Group-Role Mapping. I suggest that
> this can be specified at the security-realm level. A realm should be linked to a mapping (n:1
> mapping, several realms should potentially use the same mapping). There should be a default
> identity mapping, if you have several thousands of users in LDAP.
> Mappings should be definable via console.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
