GeeCON Prague 2014*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Q:security-role-ref Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Q:security-role-ref" Watch "Q:security-role-ref" New topic
Author

Q:security-role-ref

Henrik Krievs
Ranch Hand

Joined: Jan 05, 2004
Posts: 59
Howdy !

I'm a bit confused about <security-role-ref>.

If I have a user mapped to "manager" in tomcat-users.xml - and do a

<security-role-ref>
<role-name>admin</role-name>
<role-link>manager</role-link>
</security-role-ref>

- then a check on isUserInRole("admin") == true as is isUserInRole("manager") - fair enough !

If I add an additional mapping (same servlet)

<security-role-ref>
<role-name>manager</role-name>
<role-link>another_role</role-link>
</security-role-ref>

- then the above check still responds with 2 times true !

What did I miss out her ?

/Rgds, Henrik
Something really fancy in the signature
 
GeeCON Prague 2014
 
subject: Q:security-role-ref