[JBoss-dev] RE: Restore DeploymentRolesLoginModule

[Thomas Diesler]

For this to be tested the DeploymentRolesLoginModule needs to be removed from login-config.xml in the cts configuration. I had ~70 tests failing in module jaxrpc/webservice because of ClassNotFoundException.   How do you suggest to handle the role/principal mapping in sun-ejb-jar.xml if not through     <assembly-descriptor>     <security-role>       <role-name>       <principal-name>     </security-role>   </assembly-descriptor> in jboss.xml?   Is there a way to pickup that mapping from jboss.xml other than through the DeploymentRolesLoginModule? I assume you want to keep that functionality in jboss_4_0.dtd.   -thomas From: Scott M Stark Sent: Monday, January 30, 2006 14:03 To: Thomas Diesler Cc: 'jboss-development@lists.sourceforge.net' Subject: RE: Restore DeploymentRolesLoginModule This does not mean this is where we need to be picking up these roles from. Create a jira issue with the failing tests as I really thought I had eliminated the need for the DeploymentRolesLoginModule when I last when through the security portion of the cts.   From: Thomas Diesler Sent: Monday, January 30, 2006 4:52 AM To: Scott M Stark Cc: 'jboss-development@lists.sourceforge.net' Subject: RE: Restore DeploymentRolesLoginModule   There are various tests that define a role mapping in sun-ejb-jar.xml. These roles are mapped to jboss.xml like this      <!-- ELEMENT security-role-mapping (role-name, (principal-name | group-name)+) -->    <xsl:template match="security-role-mapping">       <xsl:element name="security-role">          <xsl:element name="role-name">             <xsl:value-of select="role-name"/>          </xsl:element>          <xsl:for-each select="principal-name">             <xsl:element name="principal-name">                <xsl:value-of select="."/>             </xsl:element>          </xsl:for-each>       </xsl:element>    </xsl:template> A search found 98 sun-ejb-jar.xml files with that mapping.   xxxxxxxxxxxxxxxxxxxxxxx Thomas Diesler Web Service Lead JBoss Inc. xxxxxxxxxxxxxxxxxxxxxxx     From: Scott M Stark Sent: Monday, January 30, 2006 13:43 To: Thomas Diesler Cc: 'jboss-development@lists.sourceforge.net' Subject: RE: Restore DeploymentRolesLoginModule What tests depend on this login module? As I remember only the run-as capability needed to augment the roles and this does not require a login module to do this.   From: Thomas Diesler Sent: Monday, January 30, 2006 4:16 AM To: Scott M Stark Cc: 'jboss-development@lists.sourceforge.net' Subject: RE: Restore DeploymentRolesLoginModule   I did not realize the server module now depends on security. I rolled back the module dependency and try to refactor such that DeploymentRolesLoginModule does not depend on  server meta data     From: Thomas Diesler Sent: Monday, January 30, 2006 11:18 To: Scott M Stark Cc: 'jboss-development@lists.sourceforge.net' Subject: Restore DeploymentRolesLoginModule Scott,   I restored the DeploymentRolesLoginModule and its associated dependency to the server module because various CTS tests depend on this login module.   The comment now reads:   /**  * The DeploymentRolesLoginModule adds the roles to the subject that were declared in the  * assembly-descriptor element in jboss.xml.  *  * <assembly-descriptor>  *   <security-role>  *     <role-name>  *     <principal-name>  *   </security-role>  * </assembly-descriptor>  *  * This allows dynamic role assignment to a given principal per EJB jar deployment.  * Used by EJB jar deployments in the CTS.     Cheers -thomas   ---------------------------- Revision : 1.1.6.2 Date : 2006/1/14 6:38:48 Author : 'starksm' State : 'dead' Lines : +2 -2 Description : Remove the unsupported/documented DeploymentRolesLoginModule     ---------------------------- Revision : 1.51.2.10 Date : 2006/1/14 6:50:56 Author : 'starksm' State : 'Exp' Lines : +1 -5 Description : JBAS-2359, refactor security classes out of the server module to security module