The ejb-jar.xml roles are logical names. Where are you getting that they
are the principal name? The tutorial demonstrates that they are not
by securing the beans using a roles of Echo & Coder, to which the principal
names are mapped via the JAAS login module. The ejb-jar.xml descriptor
is completely portable to JBoss.
The only difference is that JBoss does not do the mapping via the jboss.xml
descriptor directly. Rather the <role-mapping-manager> element specifies
the security manger instance that does this at runtime based on the authenticated
principal name.
----- Original Message -----
From: "Dale V. Georg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 11, 2001 11:45 AM
Subject: Re: [JBoss-user] Question on Security Role Mapping
>
> Yes, I did read through that; in fact, I used that as my guide for
> converting our app from WebLogic to jBoss, and everything is working
> great. I was just questioning whether the role-name in the ejb-jar.xml
> mapping directly to the security principle was the only way jBoss
> supported roles, or whether there was an additional mapping you could do
> in the jboss.xml.
>
> The main reason I'm looking at this is we are trying to make our app
> support multiple application servers. Up until now, ejb-jar.xml was
> generic and didn't require changes between the different app servers,
> since any app server specific stuff was in the appserver.xml. Further,
> in the appserver.xml we are mapping all of our roles to guest by
> default. But if jBoss assumes that the role-name from ejb-jar.xml is
> the principle name, then we may need to have a special case for jBoss.
>
> Thanks,
> Dale
>
>
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
