0 Replies Latest reply on Mar 6, 2005 1:05 PM by clu77

    Logical role mapping in jboss-web.xml?

    clu77

      I'm working on a system where we provide an application-scoped group/role system that sits on top of JAAS groups/roles, and I need a way of mapping those application-scoped roles onto roles that JAAS knows about. For instance, I have a role that JAAS knows about called "everyone", and a role that the application knows about called "users" whose membership consists of all the users in the role "everyone". In WebLogic, I declare this mapping by adding a <security-role-assignment> entry in weblogic.xml:

      <security-role-assignment>
        <role-name>users</role-name>
        <principal-name>everyone</principal-name>
      </security-role-assignment>

      In my web.xml, I have a reference to the "users" role, for instance in an authorization constraint:

      <security-constraint>
        <web-resource-collection>
          <url-pattern>/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>users</role-name>
        </auth-constraint>
      </security-constraint>

      From looking at the DTD (jboss-web_4_0.dtd), it looks like I should be able to do something similar to the <security-role-assignment> in jboss-web.xml:

      <security-role>
        <role-name>users</role-name>
        <principal-name>everyone</principal-name>
      </security-role>


      However, this appears to be ignored by the system, and when I try to access the web resource I get a SecurityException saying my user who belongs to the "everyone" JAAS role doesn't have sufficient permissions.

      Any help is greatly appreciated.
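
Added example, not part of the original post and not JBoss or WebLogic code: a small Python model of the role mapping described above, showing why a user holding only the JAAS role "everyone" passes the "users" constraint when the mapping is applied and is denied when the mapping is ignored. The descriptors are constructed from the snippets in the post; the function names are hypothetical, and the model assumes DTD-style descriptors without XML namespaces and treats all constraints as applying to every URL.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors modelled on the snippets in the post (no namespaces).
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>users</role-name></auth-constraint>
</security-constraint></web-app>"""
MAPPING_XML = """<weblogic-web-app><security-role-assignment>
  <role-name>users</role-name>
  <principal-name>everyone</principal-name>
</security-role-assignment></weblogic-web-app>"""


def load_mapping(xml_text, element="security-role-assignment"):
    """Return {application role: set of container principals/roles}."""
    mapping = {}
    for node in ET.fromstring(xml_text).iter(element):
        role = node.findtext("role-name", "").strip()
        names = {p.text.strip() for p in node.findall("principal-name") if p.text}
        mapping.setdefault(role, set()).update(names)
    return mapping


def required_roles(web_xml):
    """Collect the role names listed in every auth-constraint of web.xml."""
    root = ET.fromstring(web_xml)
    return {r.text.strip() for r in root.findall(".//auth-constraint/role-name") if r.text}


def is_authorized(container_roles, web_xml, mapping):
    """Allow access if a held role matches a required role directly or via the mapping."""
    held = set(container_roles)
    return any(role in held or mapping.get(role, set()) & held
               for role in required_roles(web_xml))


def unmapped_roles(web_xml, mapping):
    """Roles referenced by auth-constraints that have no principal mapping at all."""
    return sorted(required_roles(web_xml) - set(mapping))


if __name__ == "__main__":
    applied = load_mapping(MAPPING_XML)
    print("mapping applied:", is_authorized({"everyone"}, WEB_XML, applied))
    print("mapping ignored:", is_authorized({"everyone"}, WEB_XML, {}))
    print("unmapped roles when ignored:", unmapped_roles(WEB_XML, {}))
```

The "mapping ignored" case reproduces the denial described in the post: with no mapping in effect, only a container role literally named "users" satisfies the constraint.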