You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2009/01/31 09:04:59 UTC
[jira] Assigned: (GERONIMO-4523) Security Realm based Group-Role
Mapping
[ https://issues.apache.org/jira/browse/GERONIMO-4523?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks reassigned GERONIMO-4523:
--------------------------------------
Assignee: David Jencks
> Security Realm based Group-Role Mapping
> ---------------------------------------
>
> Key: GERONIMO-4523
> URL: https://issues.apache.org/jira/browse/GERONIMO-4523
> Project: Geronimo
> Issue Type: New Feature
> Security Level: public(Regular issues)
> Components: security
> Reporter: Jürgen Weber
> Assignee: David Jencks
>
> For secured applications you currently need a Geronimo-specific deployment plan which defines among others a mapping of realm groups onto JEE roles. This goes against the spirit of EJB3 which replaces deployment descriptors with annotations.
> It would be desirable to be able to run a standard-conforming JEE application under container security without the need for Geronimo-specific deployment plans.
> But this raises the need of another mean to specify Group-Role Mapping. I suggest that this can be specified at the security-realm level. A realm should be linked to a mapping (n:1 mapping, several realms should potentially use the same mapping). There should be a default identity mapping, if you have several thousands of users in LDAP.
> Mappings should be definable via console.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.