THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
It is used to map roles specified in the EAR file to roles or principals in the security realm that will be used when deploying the module. If this optional element is present, all web and EJB modules must make the appropriate access checks as outlined in the JACC spec. This element groups the security role mapping settings for the application. <app:security> contains the following elements:
- The <doas-current-caller> optional element may be set to true or false (default). If set to true, any work done by the application will be performed as the calling Subject, instead of "as the application server". This can be used to hook into the Java JVM security sandbox (for example, to only allow trusted users to access the server filesystem). It is not ususally necessary, as the application-level security features are typically sufficient. When it is enabled, you may want to adjust the security policy used for the server to control certain permissions by subject.
- The <use-context-handler> optional element may be set to true or false (default). If set to true, the installed JACC policy contexts will use PolicyContextHandlers.
- The <default-role> element is used by the the Deployer to assign method permissions for all of the unspecified methods, either by assigning them to security roles, or by marking them as unchecked. If the value of default-role is empty, then the unspecified methods are marked unchecked.
- The <description> element.
- The <credential-store-ref> element.
- The <default-subject> element.
- The <role-mappings> element holds the information mapping roles declared in the application.xml deployment descriptor to specific principals present in the security realms available to Geronimo.
<sys:service>
The <sys:service> element uses the Geronimo deployment namespace described here:
...