users@glassfish.java.net

RE: RE: request for feature : "automagic" ldap group to j2ee role mapping

From: Wim V <wim_at_pizzastop.be>
Date: Wed, 11 Jun 2008 21:07:03 +0200

Anticipating the obvious, we had already planned on deploying related web
and EJB tiers on the same glassfish instance and scaling them accordingly.
From what you say I take it we should not expect any problems there.

Thank you very much for sharing this information.

wim

-----Original Message-----
From: glassfish_at_javadesktop.org [mailto:glassfish_at_javadesktop.org]
Sent: Wednesday 11 June 2008 21:07
To: users_at_glassfish.dev.java.net
Subject: Re: RE: request for feature : "automagic" ldap group to j2ee role
mapping

If the web and ejb tiers are executing in the same vm, then the security
context containing the group principals on which the role mappings are based
will be seen by the ejb tier. It gets a little more complicated if you
require distribution of the web and ejb tiers, as in that case, the group
principals are not sent across the wire. The csiv2 protocol defines how to
do this, but at a higher conformance level than is required for EE
compatibility. So..., for this to work across a network hop, you need to be
able to reassign the group principals based on the asserted caller id, which
is something that requires a change to the way we process identity
assertions within the csiv2 layer of glassfish.

Although not obvious from the defect report, I think the intent is to handle
this problem as part of the resolution of the following issue:

https://glassfish.dev.java.net/issues/show_bug.cgi?id=3873

Please feel free to share my answers on the opensso forum.

Ron
[Message sent by forum member 'monzillo' (monzillo)]

http://forums.java.net/jive/thread.jspa?messageID=279778
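
Added example (not part of the original messages and not GlassFish code): a small Java model of the behaviour described in the quoted reply, where a group-based role check passes in the same VM, fails after a hop that carries only the asserted caller id, and passes again once the receiving tier reassigns group principals. The principal records, the role and group names, and the in-memory `DIRECTORY` map standing in for the LDAP lookup are all hypothetical.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

public class GroupPrincipalDemo {
    // Hypothetical principal types; a real container has its own classes.
    record Caller(String name) implements Principal { public String getName() { return name; } }
    record Group(String name) implements Principal { public String getName() { return name; } }

    // Constructed sample data: role-to-group mapping and a stand-in for the LDAP group lookup.
    static final Map<String, String> ROLE_TO_GROUP = Map.of("manager", "cn=managers");
    static final Map<String, Set<String>> DIRECTORY = Map.of("alice", Set.of("cn=managers"));

    static Subject subjectOf(String caller, Set<String> groups) {
        Subject s = new Subject();
        s.getPrincipals().add(new Caller(caller));
        groups.forEach(g -> s.getPrincipals().add(new Group(g)));
        return s;
    }

    // The role check depends only on the group principals in the security context.
    static boolean isCallerInRole(Subject s, String role) {
        String group = ROLE_TO_GROUP.get(role);
        return s.getPrincipals(Group.class).stream().anyMatch(g -> g.getName().equals(group));
    }

    // Remote hop: only the caller id is asserted, the group principals are not sent.
    // With reassignGroups the receiving tier looks the groups up again itself;
    // this is only sound when the assertion comes from a peer it trusts.
    static Subject receiveAssertion(String assertedCaller, boolean reassignGroups) {
        Set<String> groups = reassignGroups
                ? DIRECTORY.getOrDefault(assertedCaller, Set.of())
                : Set.of();
        return subjectOf(assertedCaller, groups);
    }

    public static void main(String[] args) {
        Subject web = subjectOf("alice", DIRECTORY.get("alice"));
        String asserted = web.getPrincipals(Caller.class).iterator().next().getName();
        System.out.println("same VM:            " + isCallerInRole(web, "manager"));
        System.out.println("remote, no groups:  "
                + isCallerInRole(receiveAssertion(asserted, false), "manager"));
        System.out.println("remote, reassigned: "
                + isCallerInRole(receiveAssertion(asserted, true), "manager"));
    }
}
```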
