geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shenghao Fang <michael1224.f...@gmail.com>
Subject Re: [Question] How to auto-map roles to groups in the realm
Date Tue, 22 Mar 2011 02:26:16 GMT
Thanks for your replies.

2011/3/22 Shawn Jiang <genspring@gmail.com>:
> 1, D:\src\trunkgit\plugins\j2ee\j2ee-deployer\src\main\plan\plan.xml
>     <gbean name="SecurityBuilder"
> class="org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl">
>         <attribute
> name="credentialStoreName">?name=CredentialStore#</attribute>
>         <references></references>
>     </gbean>
>
>
> 2,
> org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl.GeronimoSecurityBuilderImpl(AbstractNameQuery,
> AbstractNameQuery, Environment)
>     public GeronimoSecurityBuilderImpl(@ParamAttribute(name =
> "credentialStoreName")AbstractNameQuery credentialStoreName,
>                                        @ParamAttribute(name =
> "defaultRoleMappingName")AbstractNameQuery defaultRoleMappingName,
>                                        @ParamAttribute(name =
> "defaultEnvironment")Environment defaultEnvironment) {
>         this.defaultCredentialStoreName = credentialStoreName;
>         this.defaultRoleMappingName = defaultRoleMappingName;
>         this.defaultEnvironment = defaultEnvironment;
>     }
>
> There's a mechanism there to do default role mapping.   But there's no
> default role mapping implementation for now.
> I think you might want to add one by
> implementing org.apache.geronimo.security.jacc.PrincipalRoleMapper  and then
> add it as a reference of  "SecurityBuilder" in the deployment plan.
> On Tue, Mar 22, 2011 at 12:13 AM, David Jencks <david_jencks@yahoo.com>
> wrote:
>>
>> People have discussed implementing this but at the moment you have to
>> explicitly map principals, including group principals, to roles.
>>
>> thanks
>> david jencks
>>
>> On Mar 21, 2011, at 6:50 AM, Shenghao Fang wrote:
>>
>> > Hi All,
>> >
>> > I'm finding a way to map all groups in the realm to roles without
>> > explicitly defining them in the deployment descriptor.
>> > I searched the web and it looks like Geronimo supports such function.
>> > But I didn't find any document about it.
>> > Could anyone give any sample? Thanks.
>> >
>> >
>> > --
>> > Michael
>>
>
>
>
> --
> Shawn
>



-- 
Michael

Mime
View raw message