Security Realm based Group-Role Mapping
---------------------------------------
Key: GERONIMO-4523
URL: https://issues.apache.org/jira/browse/GERONIMO-4523
Project: Geronimo
Issue Type: New Feature
Security Level: public (Regular issues)
Components: security
Reporter: Jürgen Weber

For secured applications you currently need a Geronimo-specific deployment plan
which defines, among other things, a mapping of realm groups onto JEE roles. This goes
against the spirit of EJB3, which replaces deployment descriptors with
annotations.

It would be desirable to be able to run a standard-conforming JEE application
under container security without the need for Geronimo-specific deployment
plans.

But this raises the need for another means to specify Group-Role Mapping. I
suggest that this can be specified at the security-realm level. A realm should
be linked to a mapping (n:1 mapping; several realms should potentially use the
same mapping). There should be a default identity mapping, if you have several
thousand users in LDAP.

Mappings should be definable via the console.