What I would really like to be able to do, and what I am struggling with, is
how I can use the groups defined in my file realm to authorize the wsse user
(is this possible?).
Even though 'user1' is a member of 'group1' in my file realm, this
security-role-mapping does not work:
  <security-role-mapping>
    <role-name>abc</role-name>
    <group-name>group1</group-name>
  </security-role-mapping>
I get this exception:
Client not authorized for invocation of public final java.lang.String
$Proxy75.sayHello() throws java.rmi.RemoteException
If possible, I don't want to have to define all of the principals in my
security-role-mapping with <principal-name>.
Shing Wai Chan wrote:
>
> jon_c wrote:
>> Thanks for your reply, Shing.
>>
>> Since, in my security realm (file), I cannot define a user with the name
>> "CN=jon", is there some way that I can still authorize my principal using
>>
> One should not put "CN=" in the realm. It should be put in
> security-role-mapping.
> If we use the realm for an EJB application, then the
> security-role-mapping should be without "CN=".
> The "CN=" is only when we are using WSSE.
>> the file realm as my identity store without having to bloat my descriptor
>> with <principal-name>CN=userX</principal-name> entries?
>>
>>
>> Shing Wai Chan wrote:
>>
>
--
View this message in context: http://www.nabble.com/Using-wsse%3AUsernametoken-for-role-based-authorization-tf3231745.html#a8995533
Sent from the java.net - glassfish users mailing list archive at Nabble.com.