This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Java Interview Guide and have Anthony DePalma on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes security-role & security-role-ref Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "security-role & security-role-ref" Watch "security-role & security-role-ref" New topic

security-role & security-role-ref

NDP Prasad
Ranch Hand

Joined: Apr 13, 2006
Posts: 177
1. what is the difference between the <security-role-ref> and <security-role>?

Mark Garland
Ranch Hand

Joined: Nov 11, 2006
Posts: 226
I believe <security-role> is used for defining the roles in your web app, and is used by the container to map its roles to those in your DD.

<security-role-ref> on the other hand is where declarative programmatic security has been used.
If request.isUserInRole("Boss") has been used, but your app has no declaration of a 'Boss' role because you have used 'Manager', you can use <security-role-ref> to tell the container that 'Boss' means 'Manager'.

Open to corrections on this one as I'm learning too!

28/06/06 - SCJP - 69%, 05/06/07 - SCWCD - 92%, 28/02/08 - IBM DB2 v9 Fundamentals (Exam 730) - 87%, 18/11/08 - IBM DB2 v9 DBA (Exam 731) - 89%, 26/02/11 - SCBCD - 88%
I agree. Here's the link:
subject: security-role & security-role-ref
jQuery in Action, 3rd edition