isUserInRole() rules

Peter Warde
Ranch Hand

Joined: Aug 18, 2004
Posts: 71
Is it correct that the method of HttpServletRequest isUserInRole(String roleName) works like this in relation to the DD:

- first checks the DD for the <role-name> element of <security-role-ref> for a match
- if it doesn't find the above match, it checks the <role-name> of <security-role> for a match
- if it doesn't find a match in either case it returns false

otherwise

- if it does find a match in either case but the user is not authenticated then it returns false
- if it does find a match and the user is authenticated it returns true

I think this is correct from my understanding of the spec, but just to be sure, can anyone confirm it is so?

Thanks
kapil munjal
Ranch Hand

Joined: May 11, 2004
Posts: 298
Hi,

- if it doesn't find the above match, it checks the <role-name> of <security-role> for a match

I think the second line which you have written is not correct.

According to my understanding about this... it only checks <security-role-ref> and if it doesn't find a match it returns false.

Kapil


Kapil Munjal
SCJP 1.4, SCWCD 1.4
Peter Warde
Ranch Hand

Joined: Aug 18, 2004
Posts: 71
The Servlet Spec (12.3) says:

"If no security-role-ref element matching a security-role element has been declared, the container must default to checking the role-name argument against the list of security-role elements for the web application."

I think this means that second line is true.

Any comments?

Peter
Jose Esteban
Ranch Hand

Joined: Nov 28, 2004
Posts: 102
I think you are right.
kapil munjal
Ranch Hand

Joined: May 11, 2004
Posts: 298
Maybe my understanding is wrong about this.

I studied about this in HF servlets and jsp, I need to confirm from that again, what exactly does it say...

Kapil
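
The lookup order in the Servlet spec 12.3 passage quoted in this thread, as an added example that is not part of any poster's message: a Python model of the check run against a constructed web.xml fragment. The servlet names, role names and the `is_user_in_role` function are assumptions for illustration, the descriptor is un-namespaced, and a `<role-link>` that points at no declared `<security-role>` is treated as "not in role".

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment (not from the thread); all names are illustrative.
WEB_XML = """
<web-app>
  <servlet>
    <servlet-name>Payroll</servlet-name>
    <servlet-class>example.PayrollServlet</servlet-class>
    <security-role-ref>
      <role-name>MGR</role-name>
      <role-link>manager</role-link>
    </security-role-ref>
  </servlet>
  <servlet>
    <servlet-name>Report</servlet-name>
    <servlet-class>example.ReportServlet</servlet-class>
  </servlet>
  <security-role><role-name>manager</role-name></security-role>
  <security-role><role-name>employee</role-name></security-role>
</web-app>
"""

def is_user_in_role(web_xml, servlet_name, user_roles, role_name):
    """Model of the isUserInRole() lookup order (Servlet spec 12.3).

    user_roles: set of security-role names the container has mapped the
    caller to, or None when the caller is not authenticated.
    """
    if user_roles is None:  # unauthenticated callers are never in a role
        return False
    root = ET.fromstring(web_xml)
    declared = {e.findtext("role-name", "").strip()
                for e in root.findall("security-role")}
    for servlet in root.findall("servlet"):
        if servlet.findtext("servlet-name", "").strip() != servlet_name:
            continue
        for ref in servlet.findall("security-role-ref"):
            if ref.findtext("role-name", "").strip() == role_name:
                # 1) A matching security-role-ref in this servlet: follow its role-link.
                link = ref.findtext("role-link", "").strip()
                return link in declared and link in user_roles
    # 2) No matching ref: default to the web application's security-role list.
    return role_name in declared and role_name in user_roles
```

A `<security-role-ref>` is scoped to the servlet that declares it, so the same argument can resolve differently in two servlets of one web application.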
 