Thanks for your replies. 2011/3/22 Shawn Jiang <[email protected]>: > 1, D:\src\trunkgit\plugins\j2ee\j2ee-deployer\src\main\plan\plan.xml > <gbean name="SecurityBuilder" > class="org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl"> > <attribute > name="credentialStoreName">?name=CredentialStore#</attribute> > <references></references> > </gbean> > > > 2, > org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl.GeronimoSecurityBuilderImpl(AbstractNameQuery, > AbstractNameQuery, Environment) > public GeronimoSecurityBuilderImpl(@ParamAttribute(name = > "credentialStoreName")AbstractNameQuery credentialStoreName, > @ParamAttribute(name = > "defaultRoleMappingName")AbstractNameQuery defaultRoleMappingName, > @ParamAttribute(name = > "defaultEnvironment")Environment defaultEnvironment) { > this.defaultCredentialStoreName = credentialStoreName; > this.defaultRoleMappingName = defaultRoleMappingName; > this.defaultEnvironment = defaultEnvironment; > } > > There's a mechanism there to do default role mapping. But there's no > default role mapping implementation for now. > I think you might want to add one by > implementing org.apache.geronimo.security.jacc.PrincipalRoleMapper and then > add it as a reference of "SecurityBuilder" in the deployment plan. > On Tue, Mar 22, 2011 at 12:13 AM, David Jencks <[email protected]> > wrote: >> >> People have discussed implementing this but at the moment you have to >> explicitly map principals, including group principals, to roles. >> >> thanks >> david jencks >> >> On Mar 21, 2011, at 6:50 AM, Shenghao Fang wrote: >> >> > Hi All, >> > >> > I'm finding a way to map all groups in the realm to roles without >> > explicitly defining them in the deployment descriptor. >> > I searched the web and it looks like Geronimo supports such function. >> > But I didn't find any document about it. >> > Could anyone give any sample? Thanks. >> > >> > >> > -- >> > Michael >> > > > > -- > Shawn >
-- Michael
