The purpose of security-role-mapping is to resolve Roles and Permissions at runtime.
Create a mapping like:
<security-role-mapping>
    <role-name>posting-create</role-name>
    <group-name>posting-create</group-name>
</security-role-mapping>
<security-role-mapping>
    <role-name>posting-read</role-name>
    <group-name>posting-read</group-name>
</security-role-mapping>
and don't use the assign-group property in the Realm configuration.
Now you need to modify the User's UserGroup in the user list (which can be either an LDAP server, a database or a file), depending on which realm you are using.
Once you modify the user's group to anything other than posting-create, like posting-read, the user will not get the posting-create privilege, but now he will have only the posting-read privilege.
I hope this helps you.
Regards
Suyog
[Message sent by forum member 'suyogbarve' (suyogbarve)]
http://forums.java.net/jive/thread.jspa?messageID=294593
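
Added example (not part of the original post and not GlassFish code): a small Python model of the resolution described in the message above, showing how a user's groups turn into roles through the posted mapping and why a realm-wide group assignment defeats the per-user change. The `<sun-web-app>` wrapper, the user list and the `realm_assigned_groups` parameter are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Mapping from the post, wrapped in a root element (assumed) so it parses alone.
DESCRIPTOR = """
<sun-web-app>
  <security-role-mapping>
    <role-name>posting-create</role-name>
    <group-name>posting-create</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>posting-read</role-name>
    <group-name>posting-read</group-name>
  </security-role-mapping>
</sun-web-app>
"""

def load_mappings(xml_text):
    """Return {group-name: set of role-names} from security-role-mapping elements."""
    group_to_roles = {}
    for mapping in ET.fromstring(xml_text).iter("security-role-mapping"):
        role = mapping.findtext("role-name").strip()
        for group in mapping.findall("group-name"):
            group_to_roles.setdefault(group.text.strip(), set()).add(role)
    return group_to_roles

def effective_roles(user_groups, group_to_roles, realm_assigned_groups=()):
    """Roles a user resolves to at runtime.

    user_groups: groups from the realm's user list (LDAP, database or file).
    realm_assigned_groups: hypothetical parameter modelling a realm setting
    that adds the same groups to every authenticated user.
    """
    roles = set()
    for group in set(user_groups) | set(realm_assigned_groups):
        roles |= group_to_roles.get(group, set())  # unmapped groups grant nothing
    return roles

def audit(users, group_to_roles, realm_assigned_groups=()):
    """Return {user: sorted role list} for a user list."""
    return {user: sorted(effective_roles(groups, group_to_roles, realm_assigned_groups))
            for user, groups in users.items()}

# Constructed user list: alice was moved from posting-create to posting-read.
USERS = {"alice": ["posting-read"], "bob": ["posting-create"]}

if __name__ == "__main__":
    mappings = load_mappings(DESCRIPTOR)
    print(audit(USERS, mappings))  # per-user groups decide the roles
    print(audit(USERS, mappings, realm_assigned_groups=["posting-create"]))
```

In the second call alice regains posting-create even though her entry in the user list only carries posting-read, which is the effect the message avoids by leaving realm-level group assignment unset.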