On Jul 14, 2009, at 11:29 PM, Rodger wrote:
Previously and in a common way, we do principal-role mapping in a
deployment plan (such as geronimo-web.xml, openejb-jar.xml),
like:
<role-mappings>
    <role role-name="user">
        <principal class="o.a.g.s.r.providers.GeronimoGroupPrincipal" name="UserGrp"/>
    </role>
    ...
</role-mappings>
But in Geronimo 2.2, after a JIRA
https://issues.apache.org/jira/browse/GERONIMO-4523
it seems that we can do the principal-role mapping without the need
for Geronimo-specific deployment plans.
Has the feature been implemented? If so, how to do the mapping?
I'm not sure if there is an example of how to do this.
1. In a plan for a geronimo plugin, either a javaee app or service
(gbean) plugin, include a <security> element following the http://geronimo.apache.org/xml/ns/security-2.0
schema. Be sure it has a name attribute.
2. Add a dependency on the plugin from (1) to your javaee app.
3. In the geronimo plan for your javaee app, include a <security-ref>
element with a <name> element referring to the <security> element in
(1).
You still need a geronimo plan for the javaee app; this just lets you
share the principal-role mapping between several apps.
I think that's how it works.
david jencks
--
Best Regards,
Rodger.
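
The three steps in the reply above, sketched as two plan fragments. This is an added example, not from the original thread or the Geronimo project: the module IDs and the name SharedRoleMapping are constructed, the principal class is the full name of the abbreviated class in the question, and the namespace and position of <security-ref> in the web plan are assumptions drawn from the reply's description.

```xml
<!-- (1) Plan for the shared plugin (a service/gbean module).
     groupId/artifactId/version are constructed placeholders. -->
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <environment>
    <moduleId>
      <groupId>com.example</groupId>
      <artifactId>shared-role-mapping</artifactId>
      <version>1.0</version>
      <type>car</type>
    </moduleId>
  </environment>
  <!-- Named <security> element; "SharedRoleMapping" is a constructed name. -->
  <security xmlns="http://geronimo.apache.org/xml/ns/security-2.0"
            name="SharedRoleMapping">
    <role-mappings>
      <role role-name="user">
        <principal
            class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
            name="UserGrp"/>
      </role>
    </role-mappings>
  </security>
</module>

<!-- (2) and (3) geronimo-web.xml for one of the apps sharing the mapping.
     Other plan elements (context root, security realm) are omitted. -->
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1">
  <environment xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <dependencies>
      <!-- (2) Dependency on the plugin from (1). -->
      <dependency>
        <groupId>com.example</groupId>
        <artifactId>shared-role-mapping</artifactId>
        <version>1.0</version>
        <type>car</type>
      </dependency>
    </dependencies>
  </environment>
  <!-- (3) Reference the shared mapping by name instead of repeating
       <role-mappings> here. Namespace and position are assumed. -->
  <security-ref xmlns="http://geronimo.apache.org/xml/ns/security-2.0">
    <name>SharedRoleMapping</name>
  </security-ref>
</web-app>
```

Because every app that references the shared element inherits the same role grants, a change to the mapping in (1) changes authorization for all of them at once.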