[ http://issues.apache.org/jira/browse/GERONIMO-890?page=all ]
David Blevins updated GERONIMO-890:
-----------------------------------
    Fix Version: 1.0
                     (was: 1.0-M5)

> Role Mapping using Login Domain Name
> ------------------------------------
>
>          Key: GERONIMO-890
>          URL: http://issues.apache.org/jira/browse/GERONIMO-890
>      Project: Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M4, 1.0-M3
>     Reporter: Aaron Mulder
>     Assignee: Alan Cabrera
>      Fix For: 1.0
>
> In the security settings, each login module has a login domain name. This is
> so that a single realm could distinguish between principals (with the same
> name) from two login modules of the same class. For example, if you have two
> LDAP login modules pointing to different servers, you could distinguish based
> on principal class and login domain name so "administrator" from server A is
> different than "administrator" from server B.
>
> However, in our role mapping, we let you specify a realm, principal class,
> and principal name, but not a login domain name. In other words, all
> LDAP-group-administrator entries look the same, regardless of which server
> they originate from.
>
> I think the mapping should have a login-domain-name attribute on the
> "principal" XML type. I'd say it should be optional so you only have to use
> it if you care to distinguish (it would be obnoxious to need to specify it
> every time). We could also do this with another surrounding element like
> (but within) "realm" -- I guess I don't care all that much either way.
>
> What I don't have a handle on is the changes required to our security
> processing infrastructure to make this work. I'm not sure whether or how the
> login domain name propagates on the principals we create, though I have a
> vague memory that the principal wrappers were going to hold the login domain
> names.

--
This message is automatically generated by JIRA.
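The collision described in the report, and the effect of an optional login domain name on a mapping entry, as an added example that is not part of the original message and not Geronimo code. Every type, field and value below (`DomainPrincipal`, `MappingEntry`, `corp-realm`, `ldap-a`, `ldap-b`, `example.GroupPrincipal`) is hypothetical and constructed for illustration; it requires Java 16 or later for records.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Hypothetical model of role mapping; none of these types are Geronimo's.
public class RoleMappingDemo {
    // A principal tagged with the realm and login domain that produced it.
    record DomainPrincipal(String realm, String loginDomain, String principalClass, String name) {}

    // One role-mapping entry. A null loginDomain means "not specified",
    // so the entry matches the principal regardless of originating login module.
    record MappingEntry(String role, String realm, String loginDomain, String principalClass, String name) {
        boolean matches(DomainPrincipal p) {
            return realm.equals(p.realm())
                && principalClass.equals(p.principalClass())
                && name.equals(p.name())
                && (loginDomain == null || loginDomain.equals(p.loginDomain()));
        }
    }

    // Collect every role whose mapping entry matches the principal.
    static Set<String> rolesFor(DomainPrincipal p, List<MappingEntry> mapping) {
        Set<String> roles = new TreeSet<>();
        for (MappingEntry e : mapping) {
            if (e.matches(p)) {
                roles.add(e.role());
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        String cls = "example.GroupPrincipal"; // constructed class name
        // Same group name from two LDAP login modules of the same class.
        DomainPrincipal fromA = new DomainPrincipal("corp-realm", "ldap-a", cls, "administrator");
        DomainPrincipal fromB = new DomainPrincipal("corp-realm", "ldap-b", cls, "administrator");

        // Realm + class + name only: both servers' groups receive the role.
        List<MappingEntry> withoutDomain =
            List.of(new MappingEntry("admin", "corp-realm", null, cls, "administrator"));
        // With the optional login domain name: only server A's group matches.
        List<MappingEntry> withDomain =
            List.of(new MappingEntry("admin", "corp-realm", "ldap-a", cls, "administrator"));

        System.out.println("no domain,   server A: " + rolesFor(fromA, withoutDomain));
        System.out.println("no domain,   server B: " + rolesFor(fromB, withoutDomain));
        System.out.println("with domain, server A: " + rolesFor(fromA, withDomain));
        System.out.println("with domain, server B: " + rolesFor(fromB, withDomain));
    }
}
```

Treating an absent login domain as a wildcard keeps existing mappings working, which also means any mapping that omits it continues to grant the role to same-named principals from every login module in the realm.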