geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From amergey <a_mer...@yahoo.fr>
Subject Dynamic Role mapping
Date Fri, 25 Nov 2011 10:42:16 GMT
Hello,

Currently the way to secure a web application is quite static in Geronimo,
as Role mapping is defined during deployement of the application.
There are some valid use case where groups assigned to users can change. In
this case the only way I found in Geronimo is to change role mapping in
deployment plan and re-deploy the application, and Geronimo should probably
provide some way to change role mapping without having to redeploy the
application.
For example in JBoss, or weblogic server, role mapping can be changed
dynamically outside the application, without redeploying it.
I found this bug https://issues.apache.org/jira/browse/GERONIMO-454 that
could be an answer, but it has not been updated for a while, are there any
plan to implement this ?

On same topic another question, it seems that with programmatic secutity in
Servlet, even if a user has a role granted, isUserInRole(thisRole) only
return true if the role is declared. I do not know what the JEE
specification tell about this, but I have tested in tomcat, JBoss and
Weblogic server and isUserInRole return true if the user has the role
granted, whatever the role is declared or not. In Glassfish they also
support a way to have this behavior. Are there any way in Geronimo ? (it can
be useful when roles are dynamic, and we do not want to updaet web.xml then
redeploy the application, and this use case seems also to be valid as almost
all JEE application servers, provide a way to do this)

Thanks and Best regards,
Arnaud

--
View this message in context: http://apache-geronimo.328035.n3.nabble.com/Dynamic-Role-mapping-tp3535785p3535785.html
Sent from the Users mailing list archive at Nabble.com.

Mime
View raw message