| Author |
isUserInRole() rules
|
Peter Warde
Ranch Hand
Joined: Aug 18, 2004
Posts: 71
|
|
Is it correct that the method of HttpServletRequest isUserInRole(String roleName) works like this in relation to the DD:
- first checks the DD for the <role-name> element of <security-role-ref> for a match
- if it doesn't find the above match, it checks the <role-name> of <security-role> for a match
- if it doesn't find a match in either case it returns false, otherwise
- if it does find a match in either case but the user is not authenticated then it returns false
- if it does find a match and the user is authenticated it returns true

I think this is correct from my understanding of the spec, but just to be sure, can anyone confirm it is so?

Thanks
|
 |
kapil munjal
Ranch Hand
Joined: May 11, 2004
Posts: 298
|
|
Hi,

"- if it doesn't find the above match, it checks the <role-name> of <security-role> for a match"

I think the second line which you have written is not correct. According to my understanding about this... it only checks <security-role-ref> and if it doesn't find a match it returns false.

Kapil
|
Kapil Munjal
SCJP 1.4, SCWCD 1.4
|
 |
Peter Warde
Ranch Hand
Joined: Aug 18, 2004
Posts: 71
|
|
The Servlet Spec says 12.3

"If no security-role-ref element matching a security-role element has been declared, the container must default to checking the role-name argument against the list of security-role elements for the web application."

I think this means that the second line is true. Any comments?

Peter
|
 |
Jose Esteban
Ranch Hand
Joined: Nov 28, 2004
Posts: 102
|
|
|
I think you are right.
|
 |
kapil munjal
Ranch Hand
Joined: May 11, 2004
Posts: 298
|
|
Maybe my understanding is wrong about this. I studied this in HF Servlets and JSP; I need to confirm from that again what exactly it says...

Kapil
|
 |
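The lookup order discussed in this thread, as an added example that is not part of any poster's message and is not a container's own code: a small Java model that resolves the argument through a servlet's `<security-role-ref>` entries first, falls back to the application's `<security-role>` list, and only then checks the caller. The class name, the sample role names and the use of `null` for an unauthenticated caller are assumptions; `<role-link>` is the `<security-role-ref>` child that names the target security role.

```java
import java.util.Map;
import java.util.Set;

// Model of the lookup rules debated in the thread (hypothetical class, not container code).
public class RoleLookupModel {
    // <security-role-ref> entries of one servlet: <role-name> -> <role-link>
    private final Map<String, String> roleRefs;
    // <role-name> values of the web application's <security-role> elements
    private final Set<String> securityRoles;

    RoleLookupModel(Map<String, String> roleRefs, Set<String> securityRoles) {
        this.roleRefs = roleRefs;
        this.securityRoles = securityRoles;
    }

    // userRoles == null models an unauthenticated caller (assumption of this model).
    boolean isUserInRole(String roleName, Set<String> userRoles) {
        if (userRoles == null) {
            return false; // unauthenticated callers are never in a role
        }
        // Step 1: look for a matching <security-role-ref> on this servlet.
        String resolved = roleRefs.get(roleName);
        if (resolved == null) {
            // Step 2: no role-ref declared, so check the argument itself
            // against the <security-role> list, as the quoted spec text says.
            resolved = roleName;
        }
        // The resolved name must be a declared security role and be held by the caller.
        return securityRoles.contains(resolved) && userRoles.contains(resolved);
    }

    public static void main(String[] args) {
        // Constructed descriptor: servlet code asks for "MGR", linked to "manager".
        RoleLookupModel dd = new RoleLookupModel(
                Map.of("MGR", "manager"), Set.of("manager", "employee"));
        Set<String> alice = Set.of("manager"); // constructed user

        // Resolved through <security-role-ref>
        System.out.println("MGR      -> " + dd.isUserInRole("MGR", alice));
        // No role-ref, resolved through the <security-role> fallback
        System.out.println("manager  -> " + dd.isUserInRole("manager", alice));
        // Declared role that the caller does not hold
        System.out.println("employee -> " + dd.isUserInRole("employee", alice));
        // Name that matches neither list
        System.out.println("admin    -> " + dd.isUserInRole("admin", alice));
        // Same role-ref, unauthenticated caller
        System.out.println("MGR/anon -> " + dd.isUserInRole("MGR", null));
    }
}
```

A servlet with no `<security-role-ref>` entries behaves as if `roleRefs` were empty, so every call goes through the fallback branch.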