Sun Java System Application Server Platform Edition 8.1 2005Q2 Update 2 Developer's Guide

security-role-mapping

Maps roles to users or groups in the currently active realm. See Realm Configuration.

The role mapping element maps a role, as specified in the EJB JAR role-name entries, to a environment-specific user or group. If it maps to a user, it must be a concrete user which exists in the current realm, who can log into the server using the current authentication method. If it maps to a group, the realm must support groups and the group must be a concrete group which exists in the current realm. To be useful, there must be at least one user in that realm who belongs to that group.

Superelements

sun-application (sun-application.xml), sun-web-app (sun-web.xml), sun-ejb-jar (sun-ejb-jar.xml)

Subelements

The following table describes subelements for the security-role-mapping element.

Table A–98 security-role-mapping Subelements

Element  

Required  

Description  

role-name

only one 

Contains the role-name in the security-role element of the corresponding J2EE deployment descriptor file.

principal-name

one or more if no group-name, otherwise zero or more

Contains a principal (user) name in the current realm. In an enterprise bean, the principal must have the run-as role specified. 

group-name

one or more if no principal-name, otherwise zero or more

Contains a group name in the current realm.