Linking Roles to Groups
Linking Roles to Groups
<role-name>basicUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-constraint>BASIC</auth-constraint>
<realm-name>file</realm-name>
</login-config>
</web-app>
Linking Roles to Groups
The role of basicUser has been defined for this application, but there is no group of basicUser
defined for the Application Server. To map the role that is defined for the application
(basicUser) to a group that is defined on the Application Server (user), add a
<security-role-mapping>
element to the runtime deployment descriptor, sun-web.xml, as
shown below (modifications from the original file are in bold). The resulting runtime
deployment descriptor is located in
tut-install/javaeetutorial5/examples/jaxws/helloservice-basicauth/web/WEB-INF/
sun-web.xml
.
<?xml version=
"1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN"
"http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url=
"">
<context-root>/helloservice</context-root>
<class-loader delegate=
"true"/>
<security-role-mapping>
<role-name>basicUser</role-name>
<group-name>user</group-name>
</security-role-mapping>
</sun-web-app>
Examples: Securing Web Applications
Chapter 30 · Securing Web Applications
889
