geronimo-user mailing list archives

From Aaron Mulder <ammul...@alumni.princeton.edu>
Subject Re: Tomcat to Geronimo migration
Date Sun, 22 Jan 2006 05:38:00 GMT
Just to be clear, since the terms are a little overloaded:

 - a "group" is what the "get groups for user" database query returns,
so anything returned by your view is what we'd call a "group"

 - a "role" is what the J2EE application requires, so we have you map
"groups" to "roles" (you can map any number of DB groups to a J2EE
role, indicating that any user in any of those groups counts as a
member of the role)

It's true that you can't have a dynamic number of groups.  Your
web.xml lists the J2EE roles that your application cares about, and
your geronimo-web.xml lists the database groups whose members should
count as members of each J2EE role.  So you can say "J2EE role 'foo'
contains the members of database groups 'db-foo' and 'db-bar'" but you
cannot say "J2EE role 'foo' contains the members of all database
groups" or "for every database group, create a J2EE role accordingly".
However, since you have to list each J2EE role in web.xml, it's not
so clear to me what having a dynamic number of groups would get you.

Thanks,
    Aaron

On 1/22/06, Edson Carlos Ericksson Richter
<edson.richter@brinformatica.srv.br> wrote:
> Well, I see examples in two pages, but I don't understand.
>
> If I map roles to groups in geronimo-web.xml, I can't have a dynamic
> number of groups?
> Or should I understand group as role, and I should map app roles to
> server roles?
>
> I think I'm making some confusion here, because my app has 5 tables:
> users, groups, roles, userRoles, groupRoles. And I get everything from a
> view that is a union of user roles and group roles to know what roles
> the user has...
>
> Back to the problem, "group" is the term used by Geronimo for "app role"?
>
> Thanks,
>
> Richter
>
>
> Aaron Mulder wrote:
>
> >You can set up a database security realm in Geronimo that will control
> >both the password and groups for users.  See, for example,
> >http://chariotsolutions.com/geronimo/security-configuration.html (also
> >the quick start at
> >http://chariotsolutions.com/geronimo/quick-start.html does this).
> >You'll still need a security block in the deployment plan for your
> >application module, for example, see
> >http://chariotsolutions.com/geronimo/web-plan.html#web-plan-security
> >for a WAR.
> >
> >Thanks,
> >   Aaron
> >
> >On 1/22/06, Edson Carlos Ericksson Richter
> ><edson.richter@brinformatica.srv.br> wrote:
> >
> >
> >>Ok, I've found database authentication module.
> >>But it appears I can't have database authorization.
> >>
> >>Under Tomcat, I used "select username, password from users where
> >>username=?" so, user is authenticated. And, still under Tomcat, I used
> >>"select username, rolename from userRoles where username=?" so user gets
> >>authorization.
> >>
> >>How could I accomplish this under Geronimo?
> >>
> >>Thanks,
> >>
> >>Richter
> >>
> >>
> >>
> >>Edson Carlos Ericksson Richter wrote:
> >>
> >>
> >>
> >>>Hi!
> >>>
> >>>First of all, I must say Apache products are the best. And I'm very
> >>>confident that Geronimo came to stay.
> >>>But like any very new product, it lacks high availability of docs and
> >>>tutorials (besides, there are two PDFs with lots of information I must
> >>>confess I have not had time to read in full).
> >>>
> >>>Well, I have been developing good software with Tomcat (since the 3.1
> >>>days), and now Tomcat 5.5 has everything a developer could desire from
> >>>a product: easy install (just unzip or untar), exactly same config
> >>>runs on Windows and Linux, very easy to deploy (just put war on
> >>>webapps) and very stable (I have sites running Tomcat as webserver on
> >>>linux for more than a year without failures).
> >>>
> >>>One thing I love in Tomcat 5.5 is the <Realm/> configuration, and the
> >>>separation "by context" (every context could have their own
> >>>authentication). Works like a charm for database authenticated users.
> >>>I have read somewhere that Geronimo still does not have this kind of
> >>>support (database auth users). Is this a reality, or could this
> >>>already be implemented? I ask this because it's a must-have to migrate all
> >>>my apps to Geronimo.
> >>>
> >>>Best regards, and good work.
> >>>
> >>>Richter
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >
> >
> >
>
>
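
The group/role split described at the top of this message, modelled as an added example (not code from the thread or from Geronimo): the union view supplies the "groups", and a fixed table stands in for the geronimo-web.xml mapping. The column names, sample rows, the view name `effectiveRoles` and the `ROLE_MAPPING` dictionary are assumptions made for illustration.

```python
import sqlite3

# Constructed sample schema: table names follow the thread, columns are assumed.
SCHEMA = """
CREATE TABLE users      (username TEXT PRIMARY KEY, groupname TEXT);
CREATE TABLE userRoles  (username TEXT, rolename TEXT);
CREATE TABLE groupRoles (groupname TEXT, rolename TEXT);
CREATE VIEW effectiveRoles AS
    SELECT username, rolename FROM userRoles
    UNION
    SELECT u.username, g.rolename FROM users u
    JOIN groupRoles g ON g.groupname = u.groupname;
INSERT INTO users VALUES ('alice', 'staff'), ('bob', 'guests');
INSERT INTO userRoles VALUES ('alice', 'db-bar');
INSERT INTO groupRoles VALUES ('staff', 'db-foo'), ('guests', 'db-new');
"""

# "Get groups for user" query: the username is a bound parameter, never concatenated.
GROUP_QUERY = "SELECT rolename FROM effectiveRoles WHERE username = ?"

# Stand-in for the static plan mapping: J2EE role -> database groups (assumed names).
ROLE_MAPPING = {"foo": {"db-foo", "db-bar"}, "admin": {"db-admin"}}

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def groups_for_user(conn, username):
    """Everything the view returns is a 'group' in the thread's terms."""
    return {row[0] for row in conn.execute(GROUP_QUERY, (username,))}

def j2ee_roles(groups, mapping=ROLE_MAPPING):
    """A user holds a J2EE role if any of their groups is listed for it."""
    return {role for role, members in mapping.items() if groups & members}

def unmapped_groups(conn, mapping=ROLE_MAPPING):
    """Database groups that no J2EE role lists; holding them grants nothing."""
    mapped = set().union(*mapping.values())
    rows = conn.execute("SELECT DISTINCT rolename FROM effectiveRoles")
    return {row[0] for row in rows} - mapped

if __name__ == "__main__":
    db = open_db()
    for user in ("alice", "bob"):
        found = groups_for_user(db, user)
        print(user, sorted(found), "->", sorted(j2ee_roles(found)))
    print("unmapped:", sorted(unmapped_groups(db)))
```

A group added to the database later (here `db-new`) confers no J2EE role until the mapping is edited, so `unmapped_groups` is a useful audit when new rows appear in the view.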
