Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Developer's Guide

Defining Roles

You define roles in the J2EE deployment descriptor file, web.xml, and the corresponding role mappings in the Application Server deployment descriptor file, sun-application.xml (or sun-web.xml for individually deployed web modules).

For more information regarding web.xml elements, see Chapter 13, “Deployment Descriptor,” of the Java Servlet Specification, v2.4. For more information regarding sun-web.xml and sun-application.xml elements, see Appendix A, Deployment Descriptor Files.

Each security-role-mapping element in the sun-application.xml or sun-web.xml file maps a role name permitted by the web application to principals and groups. For example, a sun-web.xml file for an individually deployed web module might contain the following:


Note that the role-name in this example must match the role-name in the security-role element of the corresponding web.xml file.

Note that for J2EE applications (EAR files), all security role mappings for the application modules must be specified in the sun-application.xml file. For individually deployed web modules, the roles are always specified in the sun-web.xml file. A role can be mapped to either specific principals or to groups (or both). The principal or group names used must be valid principals or groups in the current default realm.