Hello,
I'm currently migrating our application from Weblogic and Websphere to JBoss
4.0.3 and had a question about role mappings in the web.xml file.
I've searched everywhere and the only place I see something mentioned about
this is in the weblogic migration wiki but wanted some confirmation here.
In our web.xml we setup an auth constraint on a url pattern as such:
<web-resource-collection>
<web-resource-name>blah</web-resource-name>
<url-pattern>*.lsw</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>twuser</role-name>
</auth-constraint>
<security-role>
<role-name>twuser</role-name>
</security-role>
For WebLogic, in the weblogic.xml we could map the role twuser to some physical
role in our security provider as such:
<security-role-assignment>
<role-name>twuser</role-name>
<principal-name>users</principal-name>
</security-role-assignment>
What this did was cause any authenticated user (a member of the weblogic role
users) to have access to our web app.
For WebSphere we could map the role twuser to all authenticated users via the
admin console.
Now for JBoss I cannot find any doc on how you can perform role mapping. The
migration to weblogic wiki does mention something about it by stating:
"In JBoss the role names must be exactly the same as the LDAP names. So change
all of them in web.xml (and code too perhaps?) to be the LDAP ones."
So is this correct in that the roles specified in the web.xml have to actually
exist in the security provider? So no role mapping exists?
The other question I have related to this is, is there an equivalent thing that
allows you to map authenticated users to some role? What we want is for any
authenticated user to have access to our web app, no matter what roles they
belong to. Currently with the auth-constraint being set to role twuser, you
MUST be a member of this role before you get access to the web app and for
Weblogic and WebSphere we could map this role to all authenticated users so
therefore you didn't have to manually make a user a member as they were
automatically made one once they were authenticated.
Thanks
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3902639#3902639
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3902639
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
