</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
</login-config>
<security-role>
    <role-name>TutorialUser</role-name>
</security-role>
This deployment descriptor specifies that the request URI /greeting can be accessed only by users who have entered their user names and passwords and have been authorized to access this URL because they have been verified to be in the role TutorialUser. The user name and password data will be sent over a protected transport in order to keep it from being read in transit.
Specifying Non-Default Principal-to-Role Mapping in the Deployment Descriptor
To map a role name permitted by the application or module to principals (users) and groups defined on the server, use the security-role-mapping element in the runtime deployment descriptor file (glassfish-application.xml, glassfish-web.xml, or glassfish-ejb-jar.xml). The entry needs to declare a mapping between a security role used in the application and one or more groups or principals defined for the applicable realm of the GlassFish Server. An example for the glassfish-web.xml file is shown below:
<glassfish-web-app>
    <security-role-mapping>
        <role-name>DIRECTOR</role-name>
        <principal-name>schwartz</principal-name>
    </security-role-mapping>
    <security-role-mapping>
        <role-name>DEPT-ADMIN</role-name>
        <group-name>dept-admins</group-name>
    </security-role-mapping>
</glassfish-web-app>
The role name can be mapped to either a specific principal (user), a group, or both. The principal or group names referenced must be valid principals or groups in the current default realm of the GlassFish Server. The role-name in this example must exactly match the role-name in the security-role element of the corresponding web.xml file or the role name defined in the @DeclareRoles and/or @RolesAllowed annotations.
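
The exact-match requirement above can be checked before deployment. The following is an added example, not part of the original text or of GlassFish: a Python check that compares the role names in web.xml with those in glassfish-web.xml. The sample descriptors are constructed (with a deliberate case mismatch) and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors, trimmed to the elements the check reads.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <auth-constraint><role-name>DEPT-ADMIN</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>DIRECTOR</role-name></security-role>
  <security-role><role-name>DEPT-ADMIN</role-name></security-role>
</web-app>"""

# Constructed: "Dept-Admin" differs from the declared role only by case.
GLASSFISH_WEB_XML = """<glassfish-web-app>
  <security-role-mapping>
    <role-name>DIRECTOR</role-name>
    <principal-name>schwartz</principal-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>Dept-Admin</role-name>
    <group-name>dept-admins</group-name>
  </security-role-mapping>
</glassfish-web-app>"""

def local(tag):
    """Drop any '{namespace}' prefix so both descriptor styles parse alike."""
    return tag.rsplit("}", 1)[-1]

def role_names(root, parent):
    """Collect role-name values found directly under every <parent> element."""
    return {c.text.strip() for e in root.iter() if local(e.tag) == parent
            for c in e if local(c.tag) == "role-name" and c.text}

def check_role_mapping(web_xml, runtime_xml):
    """Compare role names across the two descriptors (case-sensitive)."""
    web, runtime = ET.fromstring(web_xml), ET.fromstring(runtime_xml)
    declared = role_names(web, "security-role")
    mapped = role_names(runtime, "security-role-mapping")
    return {
        # mapping entries whose role-name matches no declared role exactly
        "unknown_mapped": sorted(mapped - declared),
        # declared roles left without an explicit mapping entry
        "unmapped_declared": sorted(declared - mapped),
        # roles used in an auth-constraint but never declared
        "undeclared_used": sorted(role_names(web, "auth-constraint") - declared),
    }

if __name__ == "__main__":
    print(check_role_mapping(WEB_XML, GLASSFISH_WEB_XML))
```

A role listed under unmapped_declared has no principals or groups assigned by the descriptor, so access to URLs constrained to it depends on whatever default principal-to-role mapping the server applies.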