How to define an ANYONE role in Glassfish
By monzillo on Jan 15, 2008
An ANYONE role is a role that is granted to every authenticated user and only to authenticated users. Any Glassfish realm may be configured such that it assigns one or more group principals as a side effect of any successful authentication at the realm. Any application role that is mapped to one of the assigned group principals can be used as an ANYONE role. An application defines an ANYONE role as follows:
- configure the "assign.groups" property of the Glassfish realm used for the application. This can be accomplished by using the admin console. Login to the console and navigate to the realm specific configuration screen found under configuration => security => realms. In the "Assign Group:" input box on that screen, specify the name of the group principal that you want to be assigned by the realm.
- declare a role either within the corresponding portable deployment descriptor, or by using either the @declareRoles or @rolesAllowed annotations.
- map the assigned group principal to the declared role, as described in Principal 2 role mapping and Glassfish. If the default mapping is employed to map the group principal to the role, the name of the role must be equivalent to that of the assigned group. Otherwise, the role may be given any name.