Re: [JBoss-user] Question on Security Role Mapping

Fri, 11 May 2001 11:33:02 -0700 


Yes, I did read through that; in fact, I used that as my guide for
converting our app from WebLogic to jBoss, and everything is working
great.  I was just questioning whether the role-name in the ejb-jar.xml
mapping directly to the security principle was the only way jBoss
supported roles, or whether there was an additional mapping you could do
in the jboss.xml.  

The main reason I'm looking at this is we are trying to make our app
support multiple application servers.  Up until now, ejb-jar.xml was
generic and didn't require changes between the different app servers,
since any app server specific stuff was in the appserver.xml.  Further,
in the appserver.xml we are mapping all of our roles to guest by
default.  But if jBoss assumes that the role-name from ejb-jar.xml is
the principle name, then we may need to have a special case for jBoss.

Thanks,
Dale


Scott M Stark wrote:
> 
> See the security tutorial: http://www.jboss.org/documentation/HTML/ch11s78.html
> 
> ----- Original Message -----
> From: "Dale V. Georg" <[EMAIL PROTECTED]>
> To: "jBoss mailing List" <[EMAIL PROTECTED]>
> Sent: Friday, May 11, 2001 9:10 AM
> Subject: [JBoss-user] Question on Security Role Mapping
> 
> >
> > In my ejb-jar.xml, I define a number of security roles, for example:
> >
> >         <security-role>
> >             <description>All users with read access to instance
> > 1</description>
> >             <role-name>Instance1Reader</role-name>
> >         </security-role>
> >
> > In other application servers that I have worked with, this role-name is
> > a "logical" role name, which in turn must be mapped to a "physical"
> > principle in the app server specific xml.  For example, in
> > weblogic-ejb-jar.xml, I would specify:
> >
> >         <security-role-assignment>
> >            <role-name>Instance1Reader</role-name>
> >             <principal-name>guest</principal-name>
> >         </security-role-assignment>
> >
> > However, unless I am missing something, it seems that jboss.xml does not
> > provide an equivalent mapping, and that jBoss expects the role-name from
> > the ejb-jar.xml file itself to be the actual principle name.  Is this
> > correct?
> >
> > Thanks,
> > Dale
> >
> 
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user

-- 

================================
   Dale V. Georg
   Technical Manager
   Indus Consultancy Services
   [EMAIL PROTECTED]
   (201) 261-3100 x229
================================

_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to