geronimo-dev mailing list archives

From Shawn Jiang <genspr...@gmail.com>
Subject Re: [Question] How to auto-map roles to groups in the realm
Date Tue, 22 Mar 2011 02:01:24 GMT
1, D:\src\trunkgit\plugins\j2ee\j2ee-deployer\src\main\plan\plan.xml

    <gbean name="SecurityBuilder" class="org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl">
        <attribute name="credentialStoreName">?name=CredentialStore#</attribute>
        <references></references>
    </gbean>



2, org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl.GeronimoSecurityBuilderImpl(AbstractNameQuery, AbstractNameQuery, Environment)

    public GeronimoSecurityBuilderImpl(@ParamAttribute(name = "credentialStoreName") AbstractNameQuery credentialStoreName,
                                       @ParamAttribute(name = "defaultRoleMappingName") AbstractNameQuery defaultRoleMappingName,
                                       @ParamAttribute(name = "defaultEnvironment") Environment defaultEnvironment) {
        this.defaultCredentialStoreName = credentialStoreName;
        // the default role mapping hook
        this.defaultRoleMappingName = defaultRoleMappingName;
        this.defaultEnvironment = defaultEnvironment;
    }


There's a mechanism there to do default role mapping. But there's no
default role mapping implementation for now.

I think you might want to add one by
implementing org.apache.geronimo.security.jacc.PrincipalRoleMapper and then
add it as a reference of "SecurityBuilder" in the deployment plan.

On Tue, Mar 22, 2011 at 12:13 AM, David Jencks <david_jencks@yahoo.com> wrote:

> People have discussed implementing this but at the moment you have to
> explicitly map principals, including group principals, to roles.
>
> thanks
> david jencks
>
> On Mar 21, 2011, at 6:50 AM, Shenghao Fang wrote:
>
> > Hi All,
> >
> > I'm trying to find a way to map all groups in the realm to roles without
> > explicitly defining them in the deployment descriptor.
> > I searched the web and it looks like Geronimo supports such a function.
> > But I didn't find any document about it.
> > Could anyone give a sample? Thanks.
> >
> >
> > --
> > Michael
>
>


-- 
Shawn
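
An added illustration of the mapping rule discussed in this thread; it is not part of the original message and not Geronimo code. `GroupPrincipal`, `UserPrincipal` and `mapGroupsToRoles` are hypothetical stand-ins, and the real `PrincipalRoleMapper` interface is not reproduced here. It shows the two checks a default group-to-role mapping needs: only group principals are mapped, and only to roles the application actually declares.

```java
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example: hypothetical types, standard library only (Java 16+ for records).
public class DefaultGroupRoleMapping {

    /** Stand-in for the realm's group principal class (assumption). */
    record GroupPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    /** Stand-in for a user principal; users are never auto-mapped. */
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    /**
     * Map each group principal to the role with the same name, but only when
     * the application declares that role. Everything else gets no role.
     */
    static Map<Principal, Set<String>> mapGroupsToRoles(Set<Principal> principals,
                                                        Set<String> declaredRoles) {
        Map<Principal, Set<String>> mapping = new LinkedHashMap<>();
        for (Principal p : principals) {
            // A user who happens to be named "auditor" must not receive the
            // "auditor" role, so the principal type is checked, not just the name.
            if (p instanceof GroupPrincipal && declaredRoles.contains(p.getName())) {
                mapping.put(p, Set.of(p.getName()));
            }
        }
        return mapping;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Set<String> declaredRoles = Set.of("admin", "auditor");
        Set<Principal> principals = new LinkedHashSet<>(List.of(
                new GroupPrincipal("admin"),        // mapped: role is declared
                new GroupPrincipal("contractors"),  // skipped: no such role declared
                new UserPrincipal("auditor")));     // skipped: user, not a group
        System.out.println(mapGroupsToRoles(principals, declaredRoles));
    }
}
```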
