Roles assigned to the web artifacts in the web.xml map directly to the roles/groups defined in DB/LDAP.
If user A is a member of group G in Active Directory, then user A will be able to access the web resources that have been associated with the role G in the web.xml.
For this scenario your security constraint would look like this
Apart from adding the security domain in jboss-web.xml, you would also define an application policy (name should match the domain name) in login-config.xml.
Hope this helps.
Thank you for looking at my question.
My problem looks to be about the login-config.xml.
I have not been able to find a document or a manual which shows how I can define the policy inside that file. For example, I have a role and I want to map it to a username james.k and a group named employees. How can I do that, assuming that I want to use either a JDBC realm or an LDAP realm?
The following links describe how to configure the login-config.xml
This is a basic module
This module has the search capability for the given service account
Perhaps there is a little bit of confusion here - there is no "mapping" of roles in the database or LDAP to the roles in web.xml. If the roles in LDAP, for example, for user "james.k" are "dept.a", "manager" and "ops", then you can use any of those roles in web.xml to grant james.k access to resources.
There is no way to translate roles in LDAP or the database into another set of roles for use in web.xml. At least, not as far as I know without writing some code. So there is no way to, for example, map the "dept.a" role in LDAP to an "employee" role used in web.xml.
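An added example, not part of the original thread or of any poster's configuration: the three descriptors discussed above, wired so that the LDAP group name "manager" is used directly as the web.xml role. It assumes JBoss's LdapExtLoginModule; the domain name `example-ldap`, the host, the DNs, the URL pattern and the credential are constructed placeholders.

```xml
<!-- web.xml: role-name is the LDAP group name itself, no translation layer -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Manager pages</web-resource-name>
    <url-pattern>/manager/*</url-pattern>            <!-- constructed path -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager</role-name>                   <!-- must equal the group's cn -->
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>example-ldap</realm-name>
</login-config>
<security-role>
  <role-name>manager</role-name>
</security-role>

<!-- jboss-web.xml: binds the application to the security domain -->
<jboss-web>
  <security-domain>java:/jaas/example-ldap</security-domain>
</jboss-web>

<!-- login-config.xml: policy name matches the domain name above -->
<application-policy name="example-ldap">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <!-- All values below are constructed placeholders -->
      <module-option name="java.naming.provider.url">ldaps://ldap.example.test:636</module-option>
      <!-- Service account used for the searches; give it read-only access -->
      <module-option name="bindDN">cn=svc-jboss,ou=services,dc=example,dc=test</module-option>
      <module-option name="bindCredential">CHANGE_ME</module-option>
      <!-- Locate the user entry: {0} is the login name, e.g. james.k -->
      <module-option name="baseCtxDN">ou=people,dc=example,dc=test</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <!-- Locate the user's groups: {1} is the DN found by the search above -->
      <module-option name="rolesCtxDN">ou=groups,dc=example,dc=test</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <!-- The group's cn becomes the role name checked against web.xml -->
      <module-option name="roleAttributeID">cn</module-option>
    </login-module>
  </authentication>
</application-policy>
```

With this wiring, a user whose LDAP groups are "dept.a", "manager" and "ops" passes the constraint because one group cn equals the `role-name`; a web.xml role that matches no group cn grants access to nobody.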
Now I understand. I guess we are all in the same boat now. I have been trying to figure out this problem. I posted a question last week. http://community.jboss.org/thread/147192?tstart=0