glassfish_at_javadesktop.org wrote:
> Hello,
>
> I have written a custom javax.security.auth.spi.LoginModule implementation for authenticating EJB- and web applications. However, I would like to avoid to manually edit xml-descriptor files like e.g. web.xml or sun-web.xml with respect to security-specific entries like roles or role-mappings. For this, I searched and found an article ( http://stuffthathappens.com/blog/2008/05/16/writing-a-custom-jaas-loginmodule ) where an implementation of java.security.acl.Group (MyGroup) is utilized to set corresponding principals (in this case roles) for a specific subject. However, this is a JBoss-specific solution as the name of this implementation is explicitly set to "Roles". I have tried this under GlassFish v3 and I didn't succeed. The roles I added this way have been ignored. My question is if there is a corresponding solution for GlassFish?
>
You can add groups to the Subject and activate default Principal to
Role Mapping in glassfish. That will map the groups to same named Roles.
regards,
kumar
> Best regards,
>
> Frederik
> [Message sent by forum member 'nlfred']
>
> http://forums.java.net/jive/thread.jspa?messageID=471688
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>