1, D:\src\trunkgit\plugins\j2ee\j2ee-deployer\src\main\plan\plan.xml
<gbean name="SecurityBuilder"
class="org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl">
<attribute
name="credentialStoreName">?name=CredentialStore#</attribute>
<references></references>
</gbean>
2,
org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl.GeronimoSecurityBuilderImpl(AbstractNameQuery,
AbstractNameQuery, Environment)
public GeronimoSecurityBuilderImpl(@ParamAttribute(name =
"credentialStoreName")AbstractNameQuery credentialStoreName,
@ParamAttribute(name =
"defaultRoleMappingName")AbstractNameQuery defaultRoleMappingName,
@ParamAttribute(name =
"defaultEnvironment")Environment defaultEnvironment) {
this.defaultCredentialStoreName = credentialStoreName;
this.defaultRoleMappingName = *defaultRoleMappingName*;
this.defaultEnvironment = defaultEnvironment;
}
There's a mechanism there to do default role mapping. But there's no
default role mapping implementation for now.
I think you might want to add one by
implementing org.apache.geronimo.security.jacc.PrincipalRoleMapper and then
add it as a reference of "SecurityBuilder" in the deployment plan.
On Tue, Mar 22, 2011 at 12:13 AM, David Jencks <[email protected]>wrote:
> People have discussed implementing this but at the moment you have to
> explicitly map principals, including group principals, to roles.
>
> thanks
> david jencks
>
> On Mar 21, 2011, at 6:50 AM, Shenghao Fang wrote:
>
> > Hi All,
> >
> > I'm finding a way to map all groups in the realm to roles without
> > explicitly defining them in the deployment descriptor.
> > I searched the web and it looks like Geronimo supports such function.
> > But I didn't find any document about it.
> > Could anyone give any sample? Thanks.
> >
> >
> > --
> > Michael
>
>
--
Shawn
