GLASSFISH-357

Provide default role / group mapping if no sun-application.xml is existing

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 9.0pe
    • Fix Version/s: not determined
    • Component/s: security
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      357

      Description

      If no sun-application.xml is found, a default 1-to-1 mapping should be done for
      all the referenced roles found in the application.

      This means the application will collect all the role names (for instance in
      web.xml, using the xpath /security-role/role-name) available on all the Java
      EE standard deployment descriptors (web, ejb, application).

      As an example, having in web.xml:

      <security-role>
        <description>The system administrators</description>
        <role-name>ADMINISTRATOR</role-name>
      </security-role>

      would automatically mean behavior as if the following sun file existed:

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Java EE Application 5.0//EN"
        "DOPUTTHERIGHTPATHHERE/sun-application_5_0-0.dtd">
      <sun-application>
        <security-role-mapping>
          <role-name>ADMINISTRATOR</role-name>
          <group-name>ADMINISTRATOR</group-name>
        </security-role-mapping>
        <realm>telemak</realm>
      </sun-application>

      This would enable out-of-the-box deployment of any WAR/EAR having security
      requirements. This is an important point for Java EE "WORA"!

        Activity

        Hong Zhang added a comment -

        assign to security team for further evaluation

        raharsha added a comment -

        Please take a look at "default principal to role mapping" in glassfish as
        explained here.

        http://blogs.sun.com/bobby/entry/simplified_security_role_mapping

        Does this satisfy your requirements?

        Tom Mueller added a comment -

        Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.


          People

          • Assignee:
            raharsha
            Reporter:
            bjb
          • Votes:
            0
            Watchers:
            0
