[jboss-cvs] JBossAS SVN: r102266 - projects/docs/enterprise/5.1/JBoss_Security_Guide/en-US.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Mar 11 01:50:57 EST 2010


Author: jaredmorgs
Date: 2010-03-11 01:50:56 -0500 (Thu, 11 Mar 2010)
New Revision: 102266

Modified:
   projects/docs/enterprise/5.1/JBoss_Security_Guide/en-US/JBoss_Security_Guide.xml
   projects/docs/enterprise/5.1/JBoss_Security_Guide/en-US/chap-Security_Configuration_And_Architecture.xml
Log:
[Sec Guide] Added http://anil-identity.blogspot.com/2010/02/tip-role-mapping-in-jboss-application.html to guide

Modified: projects/docs/enterprise/5.1/JBoss_Security_Guide/en-US/JBoss_Security_Guide.xml
===================================================================
--- projects/docs/enterprise/5.1/JBoss_Security_Guide/en-US/JBoss_Security_Guide.xml	2010-03-11 06:26:17 UTC (rev 102265)
+++ projects/docs/enterprise/5.1/JBoss_Security_Guide/en-US/JBoss_Security_Guide.xml	2010-03-11 06:50:56 UTC (rev 102266)
@@ -5,14 +5,6 @@
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Book_Info.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Preface.xml"/>
 <!--<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chap-JBoss_Security.xml"/>-->  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chap-Security_Configuration_And_Architecture.xml"/>
-  <appendix>
-    <title>Security Tips and Tricks</title>
-    <para/>
-    <section>
-      <title>Role Mapping at the Deployment Level</title>
-      <para/>
-    </section>
-  </appendix>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Revision_History.xml"/>
   <index/>
 </book>
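Review bot: The log message mentions only the added role-mapping content, but this hunk in JBoss_Security_Guide.xml also deletes the whole "Security Tips and Tricks" appendix, including its "Role Mapping at the Deployment Level" placeholder section. Say in the log that the stub was dropped in favour of a section in chap-Security_Configuration_And_Architecture.xml, so the removal does not look accidental. The removed appendix and section carry no id attributes, so nothing in the visible lines suggests a dangling cross-reference.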

Modified: projects/docs/enterprise/5.1/JBoss_Security_Guide/en-US/chap-Security_Configuration_And_Architecture.xml
===================================================================
--- projects/docs/enterprise/5.1/JBoss_Security_Guide/en-US/chap-Security_Configuration_And_Architecture.xml	2010-03-11 06:26:17 UTC (rev 102265)
+++ projects/docs/enterprise/5.1/JBoss_Security_Guide/en-US/chap-Security_Configuration_And_Architecture.xml	2010-03-11 06:50:56 UTC (rev 102266)
@@ -1630,6 +1630,41 @@
     This will load the specified <literal>AuthConfig</literal> resource using the specified <literal>LoginConfigService</literal> MBean by invoking <literal>loadConfig</literal> with the appropriate resource URL. When the service is stopped the configurations are removed. The resource specified may be either an XML file, or a Sun JAAS login configuration.
    </para>
     </section>
+    <section>
+      <title>Configuring Deployment-level Role Mapping </title>
+      <para>In EAP v5.0 and beyond, it is possible to map roles from the ones derived at the security domain level to include additional roles included in deployment (such as at the EAR level).  This is achieved by declaring the  <classname>org.jboss.security.mapping.providers.DeploymentRolesMappingProvider</classname> class as the value for the <parameter>class</parameter> attribute in the <sgmltag>&lt;mapping-module&gt;</sgmltag> element.  Additionally, the <parameter>type</parameter> attribute must be set to <literal>role</literal>.</para>
+      <para>By configuring  the mapping configuration element within the  role-based parameter, you can map   additional role interpretation to the declared principals  specified in  for the particular deployment (war, ear, ejb-jar etc).</para>
+      <important>
+        <title>Important: &lt;rolemapping&gt; deprecated for &lt;mapping&gt;</title>
+        <para>In versions prior to EAP 5.0, the <sgmltag>&lt;rolemapping&gt;</sgmltag> element contained the <sgmltag>&lt;mapping-module&gt;</sgmltag> element and class declaration.   <sgmltag>&lt;rolemapping&gt;</sgmltag> has now been deprecated, and replaced with the <sgmltag>&lt;mapping&gt;</sgmltag> element.</para>
+      </important>
+      <example>
+        <title>&lt;mapping-module&gt; declaration</title>
+        <programlisting language="XML" role="XML">&lt;application-policy name=&quot;some-sec-domain&quot;&gt;
+&lt;authentication&gt;
+...
+&lt;/authentication&gt;
+&lt;mapping&gt;
+   &lt;mapping-module code=&quot;org.jboss.security.mapping.providers.DeploymentRolesMappingProvider&quot;
+                   type=&quot;role&quot;/&gt;
+&lt;/mapping&gt;
+...
+&lt;/application-policy&gt;</programlisting>
+      </example>
+      <para>Once the security domain is configured correctly, you can append the <sgmltag>&lt;security-role&gt;</sgmltag> element group as a child element of the <sgmltag>&lt;assembly-descriptor&gt;</sgmltag> to the <filename>jboss.xml</filename>, or <filename>jboss-web.xml</filename> files.</para>
+      <example>
+        <title>&lt;security-role&gt; declaration</title>
+        <programlisting>&lt;assembly-descriptor&gt;
+  ...
+    &lt;security-role&gt;
+      &lt;role-name&gt;Support&lt;/role-name&gt;
+      &lt;principal-name&gt;Mark&lt;/principal-name&gt; 
+      &lt;principal-name&gt;Tom&lt;/principal-name&gt;
+    &lt;/security-role&gt;
+  ...
+&lt;/assembly-descriptor&gt;</programlisting>
+      </example>
+    </section>
     <section id="Defining_Security_Domains-Using_JBoss_Login_Modules">
       <title>Using JBoss Login Modules</title>
       <para>
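Review bot: The first new para tells the reader to put the provider class in the "class" attribute of mapping-module, but the listing under it uses code="org.jboss.security.mapping.providers.DeploymentRolesMappingProvider". Make the prose and the listing name the same attribute, since a reader following the prose will write a different configuration from the one shown. The second para is missing words ("specified in  for the particular deployment") and needs the name of the element or file it refers to. The sentence introducing security-role names both jboss.xml and jboss-web.xml, while the listing shows only the assembly-descriptor wrapper without saying which file it comes from. State that, and say explicitly that Mark and Tom receive Support in addition to the roles derived from the security domain, since that is the authorization effect a deployer has to understand. Style: the new section has no id while the section that follows has one, the second programlisting omits the language="XML" role="XML" attributes used on the first, and the section title ends with a trailing space.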



