[JBoss-dev] RE: Restore DeploymentRolesLoginModule

[Thomas Diesler]

There are various tests that define a role mapping in sun-ejb-jar.xml. These roles are mapped to jboss.xml like this      <!-- ELEMENT security-role-mapping (role-name, (principal-name | group-name)+) -->    <xsl:template match="security-role-mapping">       <xsl:element name="security-role">          <xsl:element name="role-name">             <xsl:value-of select="role-name"/>          </xsl:element>          <xsl:for-each select="principal-name">             <xsl:element name="principal-name">                <xsl:value-of select="."/>             </xsl:element>          </xsl:for-each>       </xsl:element>    </xsl:template> A search found 98 sun-ejb-jar.xml files with that mapping.   xxxxxxxxxxxxxxxxxxxxxxx Thomas Diesler Web Service Lead JBoss Inc. xxxxxxxxxxxxxxxxxxxxxxx   From: Scott M Stark Sent: Monday, January 30, 2006 13:43 To: Thomas Diesler Cc: 'jboss-development@lists.sourceforge.net' Subject: RE: Restore DeploymentRolesLoginModule What tests depend on this login module? As I remember only the run-as capability needed to augment the roles and this does not require a login module to do this.   From: Thomas Diesler Sent: Monday, January 30, 2006 4:16 AM To: Scott M Stark Cc: 'jboss-development@lists.sourceforge.net' Subject: RE: Restore DeploymentRolesLoginModule   I did not realize the server module now depends on security. I rolled back the module dependency and try to refactor such that DeploymentRolesLoginModule does not depend on  server meta data     From: Thomas Diesler Sent: Monday, January 30, 2006 11:18 To: Scott M Stark Cc: 'jboss-development@lists.sourceforge.net' Subject: Restore DeploymentRolesLoginModule Scott,   I restored the DeploymentRolesLoginModule and its associated dependency to the server module because various CTS tests depend on this login module.   The comment now reads:   /**  * The DeploymentRolesLoginModule adds the roles to the subject that were declared in the  * assembly-descriptor element in jboss.xml.  *  * <assembly-descriptor>  *   <security-role>  *     <role-name>  *     <principal-name>  *   </security-role>  * </assembly-descriptor>  *  * This allows dynamic role assignment to a given principal per EJB jar deployment.  * Used by EJB jar deployments in the CTS.     Cheers -thomas   ---------------------------- Revision : 1.1.6.2 Date : 2006/1/14 6:38:48 Author : 'starksm' State : 'dead' Lines : +2 -2 Description : Remove the unsupported/documented DeploymentRolesLoginModule     ---------------------------- Revision : 1.51.2.10 Date : 2006/1/14 6:50:56 Author : 'starksm' State : 'Exp' Lines : +1 -5 Description : JBAS-2359, refactor security classes out of the server module to security module