[JBoss-user] [Security & JAAS/JBoss] - Re: Organizational Role to Application Role mapping using LD

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I too think that I have answered my own question.  Due to various configuration complexities, I believe I went down the wrong path.  I no longer see the need for the information in the weblogic.xml file.

In the scenario that I described earlier:

anonymous wrote : For simplicity, let's assume that we are only using declarative security and want to deploy an web application into an existing environment. We want to have an auth-constraint as:
  | <auth-constraint>
  | <role-name>MyRoleName</role-name>
  | </auth-constraint>
  | 
  | In JBoss, I will have to have MyRoleName show up in my authentication source (e.g. that specific name will have to be in LDAP or the DBMS that I use for my loginModule).
  | 
  | However, in WebLogic, I can use:
  | <security-role-assignment>
  | <role-name>MyRoleName</role-name>
  | <principal-name>SomeExistingWLGroup</principal-name>
  | </security-role-assignment> 

In JBoss, if I want to use the security role SomeExistingWLGroup, then that is the role that I would use in the auth-constraint.  Simple as that.  It means that the customers will need to change the web.xml but that is no different than changing the weblogic.xml.

So, the weblogic.jar makes it easy to statically configure your authentication source, but that is not really related to the web-app (which is why the security-role-assignment is not part of the Servlet spec and probably why it is not in JBoss).

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3870267#3870267

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3870267