users@glassfish.java.net

Re: Why does not my ProgrammaticLogin propagate to EJB?

From: <glassfish_at_javadesktop.org>
Date: Mon, 02 Apr 2007 13:13:39 PDT

> > I found this
> >
> http://forum.java.sun.com/thread.jspa?threadID=5145779
> >
> > Finally, after enabling
> Default-Principal-To-Role-Mapping, and making group
> to role mappings both in sun-ejb-jar.xml and
> sun-application.xml it finally works.
>
> That's the funny thing about computers -- they can't
> read your mind, heh
> heh. From your output, it looks like the EJB is
> expecting the user to be
> in role "Uzyszkodnik," and your principal is in a
> group of the same
> name. Roles and groups are two different things:
> applications use roles,
> whereas application servers use groups and
> principals. This allows you
> to write an application that uses a role with
> whatever name you want and
> then deploy it on a server that uses different names.
>

I noted that groups and roles need to be mapped to one another.
My problem was that I _did_ map them to one another, only not in
sun-application.xml, but in sun-ejb-jar.xml.

> Otherwise, you would have to recompile apps to deploy
> them on different
> server in some cases. Anyway, I did not see in your
> email that you have
> a mapping in sun-application.xml that maps the group
> "Uzyszkodnik" to
> the role "Uzyszkodnik." Since the names are the same,
> you can either
> provide the mapping or leave it out and turn on
> default principal to
> role mapping.

Are you sure default principal-to-role mapping will do? Because I am 99% sure I tried that
before and it did not work. (did not work, and I am sure I restarted
the server after making the change and redeployed the app. BTW, I tried this on both 9.0 and 9.1 -b33e).

>
> An example of a mapping, so you know:
>
> <sun-application>
>   <security-role-mapping>
>     <role-name>customer</role-name>
>     <group-name>users</group-name>
>   </security-role-mapping>
>   <security-role-mapping>
>     <role-name>manager</role-name>
>     <principal-name>admin</principal-name>
>   </security-role-mapping>
> </sun-application>

Like I said, I did that in sun-ejb-jar.xml

>
> This would allow you to let a "manager" have access
> to some resources
> and a "customer" have access to others. In the app
> server, using this
> mapping, any user in the group "users" in the
> security realm will be
> considered a "customer" in the app and the user
> "admin" will have access
> to the "manager" resources.

I am not saying this is not useful.

What you still could share with me is: why are there security-role-mapping elements
in sun-ejb-jar.xml, if they do not work? What are they used for?

>
> Cheers,
> Bobby
>

Thanks,
Edek
[Message sent by forum member 'edek234' (edek234)]

http://forums.java.net/jive/thread.jspa?messageID=210916
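
The group-to-role resolution discussed in this thread, as an added example that is not part of the original messages and is not GlassFish code. The descriptor is constructed from the mapping quoted above, the user name "edek" and the helper names are hypothetical, and the default principal-to-role behaviour is an assumed simplified model (an unmapped role matches a same-named principal or group).

```python
import xml.etree.ElementTree as ET

# Constructed descriptor, modelled on the mapping quoted in the message.
SUN_APPLICATION_XML = """
<sun-application>
  <security-role-mapping>
    <role-name>customer</role-name>
    <group-name>users</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>manager</role-name>
    <principal-name>admin</principal-name>
  </security-role-mapping>
</sun-application>
"""

def load_mappings(xml_text):
    """Return {role: {"groups": set, "principals": set}} from a descriptor."""
    mappings = {}
    for m in ET.fromstring(xml_text).iter("security-role-mapping"):
        role = m.findtext("role-name", "").strip()
        entry = mappings.setdefault(role, {"groups": set(), "principals": set()})
        entry["groups"].update(g.text.strip() for g in m.findall("group-name") if g.text)
        entry["principals"].update(p.text.strip() for p in m.findall("principal-name") if p.text)
    return mappings

def roles_for(user, groups, declared_roles, mappings, default_mapping=False):
    """Roles the caller holds: explicit mappings first, then same-name fallback."""
    granted = set()
    for role in declared_roles:
        entry = mappings.get(role)
        if entry:
            if user in entry["principals"] or entry["groups"] & set(groups):
                granted.add(role)
        elif default_mapping and (role == user or role in groups):
            # Assumed model of default principal-to-role mapping:
            # an unmapped role is matched to a same-named principal or group.
            granted.add(role)
    return granted

def unmapped_roles(declared_roles, mappings):
    """Declared roles with no mapping; nobody holds these unless the default applies."""
    return sorted(r for r in declared_roles if r not in mappings)
```

Running `unmapped_roles` over the roles an application declares is a quick pre-deployment check for the failure described here: a role such as "Uzyszkodnik" that exists in the EJB but has no mapping in the descriptor the server actually reads.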