Maps roles to users or groups in the currently active realm. See Realm Configuration in Sun GlassFish Enterprise Server 2.1 Developer’s Guide.
The role mapping element maps a role, as specified in the EJB JAR role-name entries, to a environment-specific user or group. If it maps to a user, it must be a concrete user which exists in the current realm, who can log into the server using the current authentication method. If it maps to a group, the realm must support groups and the group must be a concrete group which exists in the current realm. To be useful, there must be at least one user in that realm who belongs to that group.
sun-application (sun-application.xml), sun-web-app (sun-web.xml), sun-ejb-jar (sun-ejb-jar.xml)
The following table describes subelements for the security-role-mapping element.
Table A–105 security-role-mapping Subelements
Element |
Required |
Description |
---|---|---|
only one |
Contains the role-name in the security-role element of the corresponding Java EE deployment descriptor file. |
|
one or more if no group-name, otherwise zero or more |
Contains a principal (user) name in the current realm. In an enterprise bean, the principal must have the run-as role specified. |
|
one or more if no principal-name, otherwise zero or more |
Contains a group name in the current realm. |