<%-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --%> <%-- $Rev$ $Date$ --%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> <%@ taglib uri="http://java.sun.com/portlet" prefix="portlet"%>

WAR - Security -- Specify Security Realm and Role Mappings

Map security roles declared in web.xml deployment descriptor to specific users or groups in the security realms configured in Geronimo. You can also specify a default user or group to be used when the end user has not yet logged in.

Security Realm Name:
	Select the Geronimo security realm that will authenticate user logins.

Advanced Settings

Credential Store:
	Select the Credential Store which has the defaultSubject and runAsSubjects defined.
Default Subject:
Realm:
Id:
	The defaultSubject is used whenever an unauthenticated user accesses an unsecured page. Typically, this is used so that an unsecured page can access a secured resource, a secured EJB for example. Realm is the realm name of the default subject and Id is the default subject's name within that realm.
doas-current-caller:
	Select this if the work is to be performed as the calling Subject/User instead of as Server.
use-context-handler:
	Select this if the installed JACC policy contexts should use PolicyContextHandlers.

Security Role Mappings:

Security roles declared in web.xml are shown below to the left. Map them to specific principals present in Geronimo's security realms by adding Principals, Login Domain Principals, Realm Principals and/or Distinguished Names.

${role.roleName}:

Add:

Specify run-as-subject*

* Click Advanced Settings to enable specifying run-as-subject

">Cancel