David Jencks closed GERONIMO-423:
Fix Version: 1.0-M4
Assign To: David Jencks
After some discussions with adc and jgenender we decided that it only made sense for there to be a single principal<>role mapping for the ear. This can be located at the "top level" of the geronimo-application plan or in any one submodule: the effect is the same. Attempting to include more than one results in a deployment error. This was implemented some time ago during some JACC improvements/refactoring to make the JACC context ID per ejb module rather than per ejb.
> The J2EE DD application.xml may declare security roles. It would be nice if the deployer could map those to principals, and then those mappings would be the default for any modules in the EAR that use the same roles.
> To implement this, we can add a "security" element referencing geronimo-security.xsd to geronimo-application.xsd, so that becomes 1 place to (optionally) do all role mapping for the application. If you want to do it separately for each module, or to override the EAR settings with some module-specific setting, that would be fine too.