[JBoss-user] [Security & JAAS/JBoss] - Re: Organizational Role to Application Role mapping using LD

Tue, 15 Mar 2005 09:29:38 -0800 

Don't know if you are still watching this thread - but I wanted to thank you 
for your posts - it is rare enough for someone to post an answer to their own 
question, much less such a well thought out and well explained answer.

I have been looking at security role mappings in WebLogic and JBoss over the 
past day (using WebLogic 9, JBoss 4) and it appears to me that there is a 
capability in the weblogic.xml that is missing from jboss-web.xml.  (Of course, 
I am pretty new to this, so I could be wrong).

For simplicity, let's assume that we are only using declarative security and 
want to deploy an web application into an existing environment.  We want to 
have an auth-constraint as:
   <auth-constraint>
     <role-name>MyRoleName</role-name>
   </auth-constraint>

In JBoss, I will have to have MyRoleName show up in my authentication source 
(e.g. that specific name will have to be in LDAP or the DBMS that I use for my 
loginModule).

However, in WebLogic, I can use:
  <security-role-assignment>
    <role-name>MyRoleName</role-name>
    <principal-name>SomeExistingWLGroup</principal-name>
  </security-role-assignment> 

So, it seems that WebLogic is offering some additional capability here - and 
that capability seems useful.   But as I mentioned, I might be confused here.  

I saw a similar post at: 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3868751#3868751, but 
there were no replies.

Thanks in advance for any advice you might have on this subject.

RB

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3870232#3870232

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3870232


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to