geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Security configuration principal-role mapping
Date Wed, 15 Jul 2009 07:00:37 GMT

On Jul 14, 2009, at 11:29 PM, Rodger wrote:

> Previously and in a common way, we do  principal-role mapping in a  
> deployment plan (such as geronimo-web.xml,openejb-jar.xml),
> like:
> <role-mappings>
>         <role role-name="user">
>             <principal  
> class="o.a.g.s.r.providers.GeronimoGroupPrincipal" name="UserGrp"/>
>
>         </role>
> ...
> </role-mappings>
>
> But in Geronimo2.2 , after a jira https://issues.apache.org/jira/browse/GERONIMO-4523
> It seems that we can do the principal-role mapping without the need  
> for Geronimo-specific deployment plans.
> Has the feature been implemented? If so, how to do the mapping?

I'm not sure if there is an example of how to do this.

1. In a plan for a geronimo plugin, either a javaee app or service  
(gbean) plugin, include a <security> element following the http://geronimo.apache.org/xml/ns/security-2.0

  schema.  Be sure it has a name attribute.

2. add a dependency on the plugin from (1) to your javaee app.

3. In the geronimo plan for your javaee app, include a <security-ref>  
element with a <name> element referring to the <security> element in  
(1).

You still need a geronimo plan for the javaee app, this just lets you  
share the principal-role mapping between several apps.

I think that's how it works.
david jencks

> -- 
> Best Regards,
> Rodger.


Mime
View raw message