
J2EE has its own model for authorization. Authorization is done against an abstract notion of a role. Authorization policy is written in the deployment descriptor with the role name, resources and appropriate actions. Roles must be mapped to principals at deployment time.

We want to map roles to domain or realm principals (produced by wrapping Security Realms). This is not supported in Geronimo M5 or earlier milestones. In those early releases you can only map J2EE roles to principals that are not explicitly linked to the Login Domain and Security Realm.

Since domain and realm principals are wrapping Principals, the @class attribute that you must specify for either of them must be the name of the class that implements interface.

See the Security Definition Schema section for the role mapping syntax.
