aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Is auth-constraint related to security-role? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Is auth-constraint related to security-role?" Watch "Is auth-constraint related to security-role?" New topic
Author

Is auth-constraint related to security-role?

Rick Roberts
Ranch Hand

Joined: Apr 07, 2005
Posts: 59

I have searched HFS&J and Mikalai Zaikin's Notes and still don't understand this concept. Maybe the answer is there and I just missed it but:

Is the <role-name> element in <auth-constraint> related to the <role-name>
element in <security-role> ?


Edited to include a code example:




Thanks
[ October 15, 2006: Message edited by: Rick Roberts ]

SCJP
"Stay on the path."
Kai Witte
Ranch Hand

Joined: Jul 17, 2004
Posts: 356
hello,

yes. Normally in auth-constraint only roles which are declared using security-role would be used.

Kai


Kai Witte's business website Kai Witte's private homepage
Rick Roberts
Ranch Hand

Joined: Apr 07, 2005
Posts: 59

Does that mean that a <security-role> <role-name> is required before you can use <auth-constraint> <role-name> ?
Kai Witte
Ranch Hand

Joined: Jul 17, 2004
Posts: 356
hello,

without the security-role declaration the container would normally not be able to (or is not allowed to be able to?) map the role names in the auth-constraint to the ones that are set up in the container-specific configuration.

I recommend to just set up such a system, for example with the Tomcat MemoryRealm.

Kai
Rick Roberts
Ranch Hand

Joined: Apr 07, 2005
Posts: 59

I have set it up in my tomcat and I still don't get it.

It doesn't work the way that I expect it would I will probably be able to figure it out. I may have to reference the tomcat docs.

But more importantly, I don't think that HFS&J nor Mikalai's notes gives enough info to understand how this works.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Is auth-constraint related to security-role?