With JBoss 4, is it possible to declaratively map J2EE roles defined by the application to groups in the operation environment as can be done with other appservers (WL/WS/SunOne etc) using their custom deployment descriptors?
I am trying to 'port' an app has about 30 roles that we have been mapping to 5 existing LDAP groups. After reading the JAAS HOWTO, and Ch8 of the admin guide, I am not seeing a way to achieve the same thing declaratively.
If there is no declarative way, would implementing a custom LoginModule that queries for group membership and then translates group names to role names for the Roles principal group be a typical way to do this?
Correct, we have no support for this notion out of the box.
It would be simple to do with a login module that took the mapping from its login module options. If you create one that you want use to maintain submit it as a patch to jira.