PLEASE Help mapping roles in JBoss like WAS 5.1
mickknutson Sep 13, 2005 2:23 PM
I am trying to get my security module to map roles the way WAS 5.1 does with the ibm_application-bnd.xmi file below. WebSphere seems to map role01 to a role called "cn=FFv1::01Find Customer::Simple Search,o=blackhawk". Without the mapping, WAS does not like or understand the comma and equals signs in that name. Hence the need for a mapping, because LDAP sends back "cn=FFv1::01Find Customer::Simple Search,o=blackhawk", not "role01".
ibm_application-bnd.xmi:
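<?xml version="1.0" encoding="UTF-8"?>
<!--
  WebSphere application binding. Each <authorizations> entry ties one J2EE
  security role, referenced by its id in META-INF/application.xml, to the
  LDAP group whose members are granted that role.

  Every group DN is kept on a single line. A line break inside the name
  attribute is normalized to an additional space by the XML parser, so the
  value would no longer equal the DN returned by LDAP and the role would
  not be granted.
-->
<com.ibm.ejs.models.base.bindings.applicationbnd:ApplicationBinding
    xmi:version="2.0"
    xmlns:xmi="http://www.omg.org/XMI"
    xmlns:com.ibm.ejs.models.base.bindings.applicationbnd="applicationbnd.xmi"
    xmi:id="ApplicationBinding_1126576842118">
  <authorizationTable xmi:id="AuthorizationTable_1126576842118">
    <!-- Customer search and customer detail functions -->
    <authorizations xmi:id="RoleAssignment_1126576842118">
      <role href="META-INF/application.xml#SecurityRole_1126576842103"/>
      <groups xmi:id="Group_1126576842118" name="cn=FFv1::01Find Customer::Simple Search,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842119">
      <role href="META-INF/application.xml#SecurityRole_1126576842104"/>
      <groups xmi:id="Group_1126576842119" name="cn=FFv1::02Research Customer::Advanced Search,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842134">
      <role href="META-INF/application.xml#SecurityRole_1126576842105"/>
      <groups xmi:id="Group_1126576842134" name="cn=FFv1::03Customer Detail::Update Customer Info -All,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842135">
      <role href="META-INF/application.xml#SecurityRole_1126576842106"/>
      <groups xmi:id="Group_1126576842135" name="cn=FFv1::04Customer Detail::Update Customer Info -Selected,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842136">
      <role href="META-INF/application.xml#SecurityRole_1126576842107"/>
      <groups xmi:id="Group_1126576842136" name="cn=FFv1::05Customer Detail::Terminate Account,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842137">
      <role href="META-INF/application.xml#SecurityRole_1126576842108"/>
      <groups xmi:id="Group_1126576842137" name="cn=FFv1::06Customer Detail::Create Enrollment,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842138">
      <role href="META-INF/application.xml#SecurityRole_1126576842109"/>
      <groups xmi:id="Group_1126576842138" name="cn=FFv1::07Customer Detail::Block Account,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842139">
      <role href="META-INF/application.xml#SecurityRole_1126576842110"/>
      <groups xmi:id="Group_1126576842139" name="cn=FFv1::08Customer Detail::Unblock Account,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842140">
      <role href="META-INF/application.xml#SecurityRole_1126576842111"/>
      <groups xmi:id="Group_1126576842140" name="cn=FFv1::09Customer Detail::Add Comments,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842141">
      <role href="META-INF/application.xml#SecurityRole_1126576842112"/>
      <groups xmi:id="Group_1126576842141" name="cn=FFv1::10Customer Detail::View Contents,o=blackhawk"/>
    </authorizations>

    <!-- Adjustments, velocity limits, history and reports -->
    <authorizations xmi:id="RoleAssignment_1126576842142">
      <role href="META-INF/application.xml#SecurityRole_1126576842113"/>
      <groups xmi:id="Group_1126576842142" name="cn=FFv1::11ACH Adjustments::ACH Adjustments,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842143">
      <role href="META-INF/application.xml#SecurityRole_1126576842114"/>
      <groups xmi:id="Group_1126576842143" name="cn=FFv1::12Velocity::Velocity Limits - Create,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842144">
      <role href="META-INF/application.xml#SecurityRole_1126576842118"/>
      <groups xmi:id="Group_1126576842144" name="cn=FFv1::13Velocity::Velocity Limits - View,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842145">
      <role href="META-INF/application.xml#SecurityRole_1126576842119"/>
      <groups xmi:id="Group_1126576842145" name="cn=FFv1::14Database Changes::Account History,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842146">
      <role href="META-INF/application.xml#SecurityRole_1126576842120"/>
      <!-- DN rejoined onto one line; it was split after "Transaction History -" -->
      <groups xmi:id="Group_1126576842149" name="cn=FFv1::15Recent Transaction::Transaction History - Recent,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842149">
      <role href="META-INF/application.xml#SecurityRole_1126576842121"/>
      <groups xmi:id="Group_1126576842150" name="cn=FFv1::16Historical Transactions::Transaction History - Historical,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842150">
      <role href="META-INF/application.xml#SecurityRole_1126576842122"/>
      <groups xmi:id="Group_1126576842151" name="cn=FFv1::17Reports::Reports,o=blackhawk"/>
    </authorizations>

    <!-- Administrative functions (user account and password management) -->
    <authorizations xmi:id="RoleAssignment_1126576842151">
      <role href="META-INF/application.xml#SecurityRole_1126576842123"/>
      <groups xmi:id="Group_1126576842152" name="cn=FFv1::18Administrative::User Acct Creation,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842152">
      <role href="META-INF/application.xml#SecurityRole_1126576842124"/>
      <groups xmi:id="Group_1126576842153" name="cn=FFv1::19Administrative::User Acct Maint,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842153">
      <role href="META-INF/application.xml#SecurityRole_1126576842125"/>
      <groups xmi:id="Group_1126576842154" name="cn=FFv1::20Administrative::Password Delete,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842154">
      <role href="META-INF/application.xml#SecurityRole_1126576842126"/>
      <groups xmi:id="Group_1126576842155" name="cn=FFv1::21Administrative::Disable User Acct,o=blackhawk"/>
    </authorizations>
    <authorizations xmi:id="RoleAssignment_1126576842155">
      <role href="META-INF/application.xml#SecurityRole_1126576842127"/>
      <groups xmi:id="Group_1126576842156" name="cn=FFv1::22Administrative::Password Reset Delegation,o=blackhawk"/>
    </authorizations>
  </authorizationTable>
  <application href="META-INF/application.xml#Application_1120149750822"/>
</com.ibm.ejs.models.base.bindings.applicationbnd:ApplicationBinding>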
web.xml excerpt:
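<!--
  Declarative security for the web module: every *.do request requires an
  authenticated user holding at least one of role01 to role22.

  NOTE(review): all 22 roles are listed in one constraint, so holding any
  single role opens every *.do URL. Separation between, for example, the
  search roles and the administrative roles is not enforced by this
  descriptor and has to come from the application or from additional,
  narrower constraints.
  NOTE(review): only *.do is covered in this excerpt; confirm that JSPs and
  other resources cannot be requested directly.
-->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>bhffApplication</web-resource-name>
    <description>Require users to authenticate</description>
    <url-pattern>*.do</url-pattern>
    <!--
      No http-method elements on purpose: the constraint then applies to
      every HTTP method. Listing only POST and GET leaves all other methods
      on the same URLs outside the constraint, i.e. reachable without
      authentication.
    -->
  </web-resource-collection>
  <auth-constraint>
    <description>User constraint</description>
    <role-name>role01</role-name>
    <role-name>role02</role-name>
    <role-name>role03</role-name>
    <role-name>role04</role-name>
    <role-name>role05</role-name>
    <role-name>role06</role-name>
    <role-name>role07</role-name>
    <role-name>role08</role-name>
    <role-name>role09</role-name>
    <role-name>role10</role-name>
    <role-name>role11</role-name>
    <role-name>role12</role-name>
    <role-name>role13</role-name>
    <role-name>role14</role-name>
    <role-name>role15</role-name>
    <role-name>role16</role-name>
    <role-name>role17</role-name>
    <role-name>role18</role-name>
    <role-name>role19</role-name>
    <role-name>role20</role-name>
    <role-name>role21</role-name>
    <role-name>role22</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>Encryption is not forced by application at this point.</description>
    <!--
      NOTE(review): with NONE the container accepts the FORM login post
      (user name and password) and the session cookie over plain HTTP.
      Left as the author set it; switch to CONFIDENTIAL once the server
      has a TLS connector so that the container redirects to HTTPS.
    -->
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Form-based login; both pages must stay reachable without authentication. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/logon.jsp</form-login-page>
    <form-error-page>/logonError.jsp</form-error-page>
  </form-login-config>
</login-config>

<!--
  Role declarations. The description only documents which LDAP group each
  short role name stands for; the container compares role-name values, not
  descriptions.
-->
<security-role>
  <description>cn=ffv1::01find customer::simple search,o=blackhawk</description>
  <role-name>role01</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::02research customer::advanced search,o=blackhawk</description>
  <role-name>role02</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::03customer detail::update customer info -all,o=blackhawk</description>
  <role-name>role03</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::04customer detail::update customer info -selected,o=blackhawk</description>
  <role-name>role04</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::05customer detail::terminate account,o=blackhawk</description>
  <role-name>role05</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::06customer detail::create enrollment,o=blackhawk</description>
  <role-name>role06</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::07customer detail::block account,o=blackhawk</description>
  <role-name>role07</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::08customer detail::unblock account,o=blackhawk</description>
  <role-name>role08</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::09customer detail::add comments,o=blackhawk</description>
  <role-name>role09</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::10customer detail::view contents,o=blackhawk</description>
  <role-name>role10</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::11ach adjustments::ach adjustments,o=blackhawk</description>
  <role-name>role11</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::12velocity::velocity limits - create,o=blackhawk</description>
  <role-name>role12</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::13velocity::velocity limits - view,o=blackhawk</description>
  <role-name>role13</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::14database changes::account history,o=blackhawk</description>
  <role-name>role14</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::15recent transaction::transaction history - recent,o=blackhawk</description>
  <role-name>role15</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::16historical transactions::transaction history - historical,o=blackhawk</description>
  <role-name>role16</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::17reports::reports,o=blackhawk</description>
  <role-name>role17</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::18administrative::user acct creation,o=blackhawk</description>
  <role-name>role18</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::19administrative::user acct maint,o=blackhawk</description>
  <role-name>role19</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::20administrative::password delete,o=blackhawk</description>
  <role-name>role20</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::21administrative::disable user acct,o=blackhawk</description>
  <role-name>role21</role-name>
</security-role>
<security-role>
  <description>cn=ffv1::22administrative::password reset delegation,o=blackhawk</description>
  <role-name>role22</role-name>
</security-role>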
application.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN"
    "http://java.sun.com/dtd/application_1_3.dtd">
<!--
  EAR deployment descriptor: one web module plus the 22 application-level
  security roles. The id attributes on <security-role> are the targets of
  the role href values in a WebSphere binding file; the description text
  records the LDAP group each short role name stands for.
-->
<application id="Application_1120149750822">
  <display-name>Fastforward</display-name>

  <module id="WebModule_1120149438148">
    <web>
      <web-uri>fastforwardWeb-1.1.11.war</web-uri>
      <context-root>/fastforward</context-root>
    </web>
  </module>

  <!-- Customer search and customer detail roles -->
  <security-role id="SecurityRole_1126576842103">
    <description>cn=ffv1::01find customer::simple search,o=blackhawk</description>
    <role-name>role01</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842104">
    <description>cn=ffv1::02research customer::advanced search,o=blackhawk</description>
    <role-name>role02</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842105">
    <description>cn=ffv1::03customer detail::update customer info -all,o=blackhawk</description>
    <role-name>role03</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842106">
    <description>cn=ffv1::04customer detail::update customer info -selected,o=blackhawk</description>
    <role-name>role04</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842107">
    <description>cn=ffv1::05customer detail::terminate account,o=blackhawk</description>
    <role-name>role05</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842108">
    <description>cn=ffv1::06customer detail::create enrollment,o=blackhawk</description>
    <role-name>role06</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842109">
    <description>cn=ffv1::07customer detail::block account,o=blackhawk</description>
    <role-name>role07</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842110">
    <description>cn=ffv1::08customer detail::unblock account,o=blackhawk</description>
    <role-name>role08</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842111">
    <description>cn=ffv1::09customer detail::add comments,o=blackhawk</description>
    <role-name>role09</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842112">
    <description>cn=ffv1::10customer detail::view contents,o=blackhawk</description>
    <role-name>role10</role-name>
  </security-role>

  <!-- Adjustment, velocity limit, history and report roles -->
  <security-role id="SecurityRole_1126576842113">
    <description>cn=ffv1::11ach adjustments::ach adjustments,o=blackhawk</description>
    <role-name>role11</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842114">
    <description>cn=ffv1::12velocity::velocity limits - create,o=blackhawk</description>
    <role-name>role12</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842118">
    <description>cn=ffv1::13velocity::velocity limits - view,o=blackhawk</description>
    <role-name>role13</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842119">
    <description>cn=ffv1::14database changes::account history,o=blackhawk</description>
    <role-name>role14</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842120">
    <description>cn=ffv1::15recent transaction::transaction history - recent,o=blackhawk</description>
    <role-name>role15</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842121">
    <description>cn=ffv1::16historical transactions::transaction history - historical,o=blackhawk</description>
    <role-name>role16</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842122">
    <description>cn=ffv1::17reports::reports,o=blackhawk</description>
    <role-name>role17</role-name>
  </security-role>

  <!-- Administrative roles (user account and password management) -->
  <security-role id="SecurityRole_1126576842123">
    <description>cn=ffv1::18administrative::user acct creation,o=blackhawk</description>
    <role-name>role18</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842124">
    <description>cn=ffv1::19administrative::user acct maint,o=blackhawk</description>
    <role-name>role19</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842125">
    <description>cn=ffv1::20administrative::password delete,o=blackhawk</description>
    <role-name>role20</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842126">
    <description>cn=ffv1::21administrative::disable user acct,o=blackhawk</description>
    <role-name>role21</role-name>
  </security-role>
  <security-role id="SecurityRole_1126576842127">
    <description>cn=ffv1::22administrative::password reset delegation,o=blackhawk</description>
    <role-name>role22</role-name>
  </security-role>
</application>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
<!--
  JBoss-specific web descriptor: binds the JDBC resource reference, sets the
  context root and selects the JAAS security domain used for authentication
  and role checks.
-->
<jboss-web>
  <!--
  <ejb-local-ref>
    <ejb-ref-name>local/ConsumerManagerLocal</ejb-ref-name>
    <local-jndi-name>local/ConsumerManagerLocal</local-jndi-name>
  </ejb-local-ref>
  -->

  <!-- Maps the application's jdbc/bhffds reference to the server data source. -->
  <resource-ref>
    <res-ref-name>jdbc/bhffds</res-ref-name>
    <jndi-name>java:jdbc/bhffds</jndi-name>
  </resource-ref>

  <context-root>fastforward</context-root>

  <!--
    The last path segment ("ldap-security") names the security domain, which
    on JBoss 4 is an application-policy in the server's login-config.xml.
    The role names that domain's login module returns are what the container
    compares with the role-name values in web.xml, so an LDAP group DN has
    to be translated to the short role name inside that domain.
    NOTE(review): the policy itself is not shown here; confirm it exists and
    that an unmapped group yields no role rather than a default one.
  -->
  <security-domain>java:/jaas/ldap-security</security-domain>
</jboss-web>