Oracle GlassFish Server 3.0.1 Application Deployment Guide


Maps roles to users or groups in the currently active realm. See Realm Configuration in Oracle GlassFish Server 3.0.1 Application Development Guide.

The role mapping element maps a role, as specified in the EJB JAR role-name entries, to a environment-specific user or group. If it maps to a user, it must be a concrete user which exists in the current realm, who can log into the server using the current authentication method. If it maps to a group, the realm must support groups and the group must be a concrete group which exists in the current realm. To be useful, there must be at least one user in that realm who belongs to that group.


sun-application (sun-application.xml), sun-web-app (sun-web.xml), sun-ejb-jar (sun-ejb-jar.xml)


The following table describes subelements for the security-role-mapping element.

Table C–130 security-role-mapping Subelements





only one 

Contains the role-name in the security-role element of the corresponding Java EE deployment descriptor file.


one or more if no group-name, otherwise zero or more

Contains a principal (user) name in the current realm. In an enterprise bean, the principal must have the run-as role specified. 


one or more if no principal-name, otherwise zero or more

Contains a group name in the current realm.