Posted to commits@tuscany.apache.org by lr...@apache.org on 2009/08/04 22:43:54 UTC

svn commit: r800955 - /tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml

Author: lresende
Date: Tue Aug  4 20:43:53 2009
New Revision: 800955

URL: http://svn.apache.org/viewvc?rev=800955&view=rev
Log:
Defining roles based on groups and updating ldap schema to be used when searching groups

Modified:
    tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml

Modified: tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml
URL: http://svn.apache.org/viewvc/tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml?rev=800955&r1=800954&r2=800955&view=diff
==============================================================================
--- tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml (original)
+++ tuscany/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml Tue Aug  4 20:43:53 2009
@@ -32,18 +32,17 @@
 	<web:security-realm-name>ldap-realm</web:security-realm-name>
     <sec:security>
         <sec:role-mappings>
-            <sec:role role-name="manager">
-                <sec:principal name="PWEST" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
-            </sec:role>
-            <sec:role role-name="user">
-                <sec:principal name="PHAGE" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
-            </sec:role>
+            <!--
             <sec:role role-name="manager">
                 <sec:principal name="lmanager" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
             </sec:role>            
             <sec:role role-name="user">
                 <sec:principal name="lresende" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
             </sec:role>
+            -->
+            <sec:role role-name="manager">
+                <sec:principal name="managers" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" designated-run-as="true"/>
+            </sec:role>            
         </sec:role-mappings>
     </sec:security>
     
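Review bot: After this change only `manager` has an active mapping; the `user` role's mappings survive only inside the commented-out block, so any constraint in web.xml that names `user` (not visible here) would match no principal. If that is intended, delete the commented block rather than keeping per-user mappings that could be re-enabled by accident; if not, add a second `<sec:role role-name="user">` holding a `GeronimoGroupPrincipal` for the matching directory group. `designated-run-as="true"` on the `managers` principal is not mentioned in the log, and a short comment such as `<!-- managers group principal is the run-as identity for role manager -->` would record why it is needed.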
@@ -63,9 +62,9 @@
                     <lc:option name="userBase">ou=people,dc=tnc,dc=org</lc:option>
                     <lc:option name="userSearchMatching">uid={0}</lc:option>
                     <lc:option name="userSearchSubtree">false</lc:option>
-                    <lc:option name="roleBase">ou=people,dc=tnc,dc=org</lc:option>
+                    <lc:option name="roleBase">ou=groups,dc=tnc,dc=org</lc:option>
                     <lc:option name="roleName">cn</lc:option>
-                    <lc:option name="roleSearchMatching">(objectClass={0})</lc:option>
+                    <lc:option name="roleSearchMatching">(member={0})</lc:option>
                     <lc:option name="roleSearchSubtree">false</lc:option>                    
                 </lc:login-module>
             </lc:login-config>
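Review bot: With `roleBase` moved to `ou=groups` and `roleSearchMatching` set to `(member={0})`, the `manager` role is granted by whichever entry under that base lists the user as `member`, so write access to `ou=groups,dc=tnc,dc=org` becomes the authorization boundary and that deserves a comment in the file. As I read the Geronimo LDAP login module, `{0}` in this filter is the user's DN, which fits `groupOfNames` but would not match groups that use `uniqueMember` or `memberUid`; this is worth confirming against the directory schema. With `roleSearchSubtree` left at `false`, only groups directly under the base are found. I would add `<!-- roles = cn of group entries directly under roleBase whose member attribute holds the user's DN -->` above the role options. The enclosing `lc:login-module` starts outside this hunk.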