So you can list security roles in an EAR's
META-INF/application.xml, but it's never been clear to me exactly what
that buys you. I think you still have to list the same security roles
again in each module in order for role-links to work as expected.
Would it be appropriate for us to let you map the EAR security
roles to principals in META-INF/geronimo-application.xml, and then apply
those settings as defaults if the same security roles show up in
individual modules? That would let you do you mapping in one place, if
for example, you were going to have a WAR and an EJB JAR that use the same
set of security roles.
Aaron
