Just to add to my list of questions ...
How does the current mechanism implemented in o.a.g.security.PolicyConfigurationWeb.commit() cope with the dynamic granting of roles to users? Looks like it is all set in concrete at the time of the commit(), or are the roles and permissions concerned those described in the web.xml?
thanks again
Jan
Jan Bartel wrote:
I'm just taking a look at integrating the web tier security with Geronimo security. I've got a couple of questions:
1. When/who should call setMBeanServer on the GeronimoLoginConfiguration? Should I call it just before doing a LoginContext login() call?
2. What code is responsible for configuring the SecurityRealm instances? Should they be configurable from the security-service.xml file?
3. I still can't work out where the user's roles that are retrieved by the SecurityRealm are turned into permissions suitable for an HttpRequest.isUserInRole() call impl.
Any pointers on any of these would be welcome.
thanks
Jan
