[GLASSFISH-357] Provide default role / group mapping if no sun-application.xml is existing Created: 07/Mar/06  Updated: 06/Mar/12

Status: Open
Project: glassfish
Component/s: security
Affects Version/s: 9.0pe
Fix Version/s: not determined

Type: Improvement Priority: Minor
Reporter: bjb Assignee: raharsha
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: All
Platform: All

Issuezilla Id: 357


If no sun-application.xml is found, a defaults 1 to 1 mapping should be done for
all the referenced roles found in the application.

This means the application will collect all the role names (for instance in
web.xml , using the xpath /security-role/role-name ) available on all the Java
EE standard deploymet descriptors (web,ejb,application).

As an example having in web.xml :

<description>The system administrators</description>

would mean having automatically a behavior like if the following sun-file would
be existing

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Application
Server 9.0 Java EE Application 5.0//EN"

This would enable out of the box deployment of any WAR/EAR having security
requirements. This is an important point for Java EE "WORA" !

Comment by Hong Zhang [ 08/Nov/07 ]

assign to security team for further evaluation

Comment by raharsha [ 13/Nov/07 ]

Please take a look at "default principal to role mapping" in glassfish as
explained here.


Does this satisfy your requirements?

Comment by Tom Mueller [ 06/Mar/12 ]

Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.

Generated at Tue Feb 09 03:48:41 UTC 2016 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.