I'm just taking a look at integrating the web tier security with
Geronimo security. I've got a couple of questions:
1. When/who should call setMBeanServer on the
GeronimoLoginConfiguration? Should I call it
just before doing a LoginContext login() call?
2. What code is responsible for configuring the SecurityRealm
instances? Should they be configurable from the
security-service.xml file?
3. I still can't work out where the mapping of the user's roles
that are retrieved by the SecurityRealm are turned into permissions
suitable for a HttpRequest.isUserInRole() call impl?
Any pointers on any of these would be welcome.
thanks
Jan
