You can re-use the GlassfishRoleMapper class that is present in the same
package for using the existing GF principal-role-mapping.
If you follow the code in SimplePolicyConfiguration, you can observe
that GlassfishRoleMapper is the default RoleMapper class that is loaded.
To override it, you can set a jvm-option:
<jvm-options>-Dsimple.jacc.provider.JACCRoleMapper.class=<custom-role-mapper-class></jvm-options>
Thanks
Nithya
On Friday 28 January 2011 02:19 AM, Laird Nelson wrote:
> (I'm never sure if this stuff gets to what used to be the Glassfish
> forum or not. It seems to take days--days--for the mail gateway to
> work, and then only for direct messages and not replies. For example,
> I replied via email to the users_at_glassfish.java.net
> <mailto:users_at_glassfish.java.net> list and to the responder who
> answered my prior question, and it hasn't yet shown up in the forums.)
>
> I'm plowing ahead with implementing a JACC provider.
>
> I am looking at the Glassfish SimplePolicyConfiguration class as a
> guide (for that part of the contract).
>
> What do I do if I want to make use of the existing Glassfish
> principal-to-role mapping facilities? That is, I'd like people to
> continue to be able to use the sun-web.xml and sun-ejb-jar.xml files
> to map their principals to application roles--I don't want to have to
> write this part.
>
> It looks to my naive eyes like this part is not spelled out in the
> JACC contract.
>
> So how can I--from my JACC provider--query Glassfish to find what
> Principals it thinks belong to a given application role?
>
> Thanks,
> Laird