[
https://issues.apache.org/jira/browse/GERONIMO-4523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671430#action_12671430
]
David Jencks commented on GERONIMO-4523:
----------------------------------------
Something went wrong with my commt in rev 741679 and a lot of unintentional
modifications got committed. This has been fixed in revs
741766,
741822
and
741858
I apologize for any problems this may have caused.
> Security Realm based Group-Role Mapping
> ---------------------------------------
>
> Key: GERONIMO-4523
> URL: https://issues.apache.org/jira/browse/GERONIMO-4523
> Project: Geronimo
> Issue Type: New Feature
> Security Level: public(Regular issues)
> Components: security
> Reporter: Jürgen Weber
> Assignee: David Jencks
>
> For secured applications you currently need a Geronimo-specific deployment
> plan which defines among others a mapping of realm groups onto JEE roles.
> This goes against the spirit of EJB3 which replaces deployment descriptors
> with annotations.
> It would be desirable to be able to run a standard-conforming JEE application
> under container security without the need for Geronimo-specific deployment
> plans.
> But this raises the need of another mean to specify Group-Role Mapping. I
> suggest that this can be specified at the security-realm level. A realm
> should be linked to a mapping (n:1 mapping, several realms should potentially
> use the same mapping). There should be a default identity mapping, if you
> have several thousands of users in LDAP.
> Mappings should be definable via console.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
