Defining roles based on groups and updating ldap schema to be used when searching groups

git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@800955 13f79535-47bb-0310-9956-ffa450edef68
author: lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68> 2009-08-04 20:43:53 +0000
committer: lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68> 2009-08-04 20:43:53 +0000
commit: b03fa7f42665d0249bf6ebb27090547bd2551ad9 (patch)
tree: 4734280ddb7bc494945f2510a203d36009df3db9 /sandbox/lresende
parent: 5dd6ff4c0350b94f873eac1bcb0eb40866b361fa (diff)
1 files changed, 7 insertions, 8 deletions
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml
index 1183b91370..705010bf7c 100644
--- a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml
@@ -32,18 +32,17 @@
 	<web:security-realm-name>ldap-realm</web:security-realm-name>
     <sec:security>
         <sec:role-mappings>
-            <sec:role role-name="manager">
-                <sec:principal name="PWEST" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
-            </sec:role>
-            <sec:role role-name="user">
-                <sec:principal name="PHAGE" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
-            </sec:role>
+            <!--
             <sec:role role-name="manager">
                 <sec:principal name="lmanager" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
             </sec:role>            
             <sec:role role-name="user">
                 <sec:principal name="lresende" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
             </sec:role>
+            -->
+            <sec:role role-name="manager">
+                <sec:principal name="managers" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" designated-run-as="true"/>
+            </sec:role>            
         </sec:role-mappings>
     </sec:security>
     
@@ -63,9 +62,9 @@
                     <lc:option name="userBase">ou=people,dc=tnc,dc=org</lc:option>
                     <lc:option name="userSearchMatching">uid={0}</lc:option>
                     <lc:option name="userSearchSubtree">false</lc:option>
-                    <lc:option name="roleBase">ou=people,dc=tnc,dc=org</lc:option>
+                    <lc:option name="roleBase">ou=groups,dc=tnc,dc=org</lc:option>
                     <lc:option name="roleName">cn</lc:option>
-                    <lc:option name="roleSearchMatching">(objectClass={0})</lc:option>
+                    <lc:option name="roleSearchMatching">(member={0})</lc:option>
                     <lc:option name="roleSearchSubtree">false</lc:option>                    
                 </lc:login-module>
             </lc:login-config>
author	lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68>	2009-08-04 20:43:53 +0000
committer	lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68>	2009-08-04 20:43:53 +0000
commit	b03fa7f42665d0249bf6ebb27090547bd2551ad9 (patch)
tree	4734280ddb7bc494945f2510a203d36009df3db9 /sandbox/lresende
parent	5dd6ff4c0350b94f873eac1bcb0eb40866b361fa (diff)