Or if you don't want to specify security-role mappings at deployment time,
you can use use the assign-group property in the Realm configuration and
then in configuration->security check the "Default Principal To Role Mapping
Enabled" box.
This way the mapping is done automagically ;)
Wim
-----Original Message-----
From: glassfish_at_javadesktop.org [mailto:glassfish_at_javadesktop.org]
Sent: donderdag 21 augustus 2008 13:23
To: users_at_glassfish.dev.java.net
Subject: Re: Principal to Role Mapping
The purpose of security-role-mapping is to resolve Roles and Permission at
runtime.
create a mapping like
<security-role-mapping>
<role-name>posting-create</role-name>
<group-name>posting-create</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>posting-read</role-name>
<group-name>posting-read</group-name>
</security-role-mapping>
and dont use the assign-group property in the Realm -Configuration.
Now you need to modify the User's UserGroup, in the user list (which can be
either ldap server or a database or a file ) depending on which realm you
are using.
Once you modify the user's group to anything other than posting-create like
posting-read, the user will not get the posting-create privilege, but now he
will have only posting-read privilege.
I hope this helps you.
Regards
Suyog
[Message sent by forum member 'suyogbarve' (suyogbarve)]
http://forums.java.net/jive/thread.jspa?messageID=294593
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
For additional commands, e-mail: users-help_at_glassfish.dev.java.net