aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes security-role-ref and isUserInRole( ) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "security-role-ref and isUserInRole( )" Watch "security-role-ref and isUserInRole( )" New topic
Author

security-role-ref and isUserInRole( )

Grace Yang
Ranch Hand

Joined: Apr 01, 2007
Posts: 58
I am studying how <security-role-ref> maps role name, below are my web.xml and snippet of BasicServlet class, I expected to isUserInRole("Manger") returns true, but it returns false, I don't know why?

---BasicServlet.java
System.out.println("Manger isUserInRole? " + req.isUserInRole("Manger") );
res.getWriter().println("Manger isUserInRole? " + req.isUserInRole("Manger"));
------ web.xml
<web-app>
<servlet>
<servlet-name>BasicServlet</servlet-name>
<servlet-class>coreservlets.BasicServlet</servlet-class>
<security-role-ref>
<role-name>Manager</role-name>
<role-link>supervisor</role-link>
</security-role-ref>
</servlet>

<servlet-mapping>
<servlet-name>BasicServlet</servlet-name>
<url-pattern>/FirstPractice/test</url-pattern>
</servlet-mapping>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/MySecurity/formlogin.html</form-login-page>
<form-error-page>/MySecurity/formerror.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>supervisor</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>declarative security test</web-resource-name>
<url-pattern>/FirstPractice/test</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>supervisor</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
========

anybody knows?

Thanks
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

The pseudo role is declared "Manager" in your descriptor, so replace "Manger" with "Manager" in your code


[My Blog]
All roads lead to JavaRanch
Grace Yang
Ranch Hand

Joined: Apr 01, 2007
Posts: 58
Thanks Satou !!

It works.It's the typo caused trouble.

Grace
 
 
subject: security-role-ref and isUserInRole( )
 
Similar Threads
Security tags
Declarative security in web.xml?? is this secure??
need help,2 questions
Is auth-constraint related to security-role?
req.isUserInRole("admin"); return false??