You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tuscany.apache.org by lr...@apache.org on 2009/08/04 22:43:54 UTC
svn commit: r800955 -
/tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml
Author: lresende
Date: Tue Aug 4 20:43:53 2009
New Revision: 800955
URL: http://svn.apache.org/viewvc?rev=800955&view=rev
Log:
Defining roles based on groups and updating ldap schema to be used when searching groups
Modified:
tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml
Modified: tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml
URL: http://svn.apache.org/viewvc/tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml?rev=800955&r1=800954&r2=800955&view=diff
==============================================================================
--- tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml (original)
+++ tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml Tue Aug 4 20:43:53 2009
@@ -32,18 +32,17 @@
<web:security-realm-name>ldap-realm</web:security-realm-name>
<sec:security>
<sec:role-mappings>
- <sec:role role-name="manager">
- <sec:principal name="PWEST" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
- </sec:role>
- <sec:role role-name="user">
- <sec:principal name="PHAGE" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
- </sec:role>
+ <!--
<sec:role role-name="manager">
<sec:principal name="lmanager" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
</sec:role>
<sec:role role-name="user">
<sec:principal name="lresende" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
</sec:role>
+ -->
+ <sec:role role-name="manager">
+ <sec:principal name="managers" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" designated-run-as="true"/>
+ </sec:role>
</sec:role-mappings>
</sec:security>
@@ -63,9 +62,9 @@
<lc:option name="userBase">ou=people,dc=tnc,dc=org</lc:option>
<lc:option name="userSearchMatching">uid={0}</lc:option>
<lc:option name="userSearchSubtree">false</lc:option>
- <lc:option name="roleBase">ou=people,dc=tnc,dc=org</lc:option>
+ <lc:option name="roleBase">ou=groups,dc=tnc,dc=org</lc:option>
<lc:option name="roleName">cn</lc:option>
- <lc:option name="roleSearchMatching">(objectClass={0})</lc:option>
+ <lc:option name="roleSearchMatching">(member={0})</lc:option>
<lc:option name="roleSearchSubtree">false</lc:option>
</lc:login-module>
</lc:login-config>