[GLASSFISH-357] Provide default role / group mapping if no sun-application.xml is existing Created: 07/Mar/06  Updated: 06/Mar/12

Status: Open
Project: glassfish
Component/s: security
Affects Version/s: 9.0pe
Fix Version/s: not determined

Type: Improvement Priority: Minor
Reporter: bjb Assignee: raharsha
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All


Issuezilla Id: 357

 Description   

If no sun-application.xml is found, a default 1-to-1 mapping should be done for
all the referenced roles found in the application.

This means the application will collect all the role names (for instance in
web.xml, using the XPath /security-role/role-name) available in all the Java
EE standard deployment descriptors (web, ejb, application).

As an example, having in web.xml:

<security-role>
  <description>The system administrators</description>
  <role-name>ADMINISTRATOR</role-name>
</security-role>

would automatically mean behaving as if the following sun-file
existed:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-application PUBLIC
  "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Java EE Application 5.0//EN"
  "DOPUTTHERIGHTPATHHERE/sun-application_5_0-0.dtd">
<sun-application>
  <security-role-mapping>
    <role-name>ADMINISTRATOR</role-name>
    <group-name>ADMINISTRATOR</group-name>
  </security-role-mapping>
  <realm>telemak</realm>
</sun-application>

This would enable out-of-the-box deployment of any WAR/EAR having security
requirements. This is an important point for Java EE "WORA"!
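
The mapping requested above, as an added example in Python that is not part of the original report and is not GlassFish code: it collects only the roles declared under <security-role> across several descriptors and emits the same-named group mappings. The function names and the sample descriptors are constructed for illustration, and the <realm> element is left out because it cannot be derived from the descriptors.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not from the issue). OPERATOR is only
# referenced in an auth-constraint, never declared as a security-role.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <auth-constraint><role-name>OPERATOR</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>ADMINISTRATOR</role-name></security-role>
</web-app>"""
EJB_JAR_XML = """<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <assembly-descriptor>
    <security-role><role-name>ADMINISTRATOR</role-name></security-role>
    <security-role><role-name>AUDITOR</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def declared_roles(descriptor_xml):
    """Role names declared under <security-role>, in document order."""
    roles = []
    for el in ET.fromstring(descriptor_xml).iter():
        if local(el.tag) != "security-role":
            continue  # skips role-name under auth-constraint, security-role-ref
        for child in el:
            name = (child.text or "").strip()
            if local(child.tag) == "role-name" and name and name not in roles:
                roles.append(name)
    return roles

def default_mapping(descriptors):
    """Return (roles, sun-application XML) mapping each role to a same-named group."""
    root = ET.Element("sun-application")
    roles = []
    for text in descriptors:
        for role in declared_roles(text):
            if role in roles:
                continue  # declared in more than one module: map once
            roles.append(role)
            mapping = ET.SubElement(root, "security-role-mapping")
            ET.SubElement(mapping, "role-name").text = role
            ET.SubElement(mapping, "group-name").text = role
    return roles, ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    roles, xml_out = default_mapping([WEB_XML, EJB_JAR_XML])
    print(roles)
    print(xml_out)
```

With a 1-to-1 default, every realm group whose name equals a declared role receives that role, so the generated list is worth reviewing against the realm's existing group names before deployment.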



 Comments   
Comment by Hong Zhang [ 08/Nov/07 ]

assign to security team for further evaluation

Comment by raharsha [ 13/Nov/07 ]

Please take a look at "default principal to role mapping" in glassfish as
explained here.

http://blogs.sun.com/bobby/entry/simplified_security_role_mapping

Does this satisfy your requirements?

Comment by Tom Mueller [ 06/Mar/12 ]

Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.

Generated at Thu Jul 30 18:31:53 UTC 2015 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.