Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

isUserInRole() clarification please

 
Garlapati Ravi
Ranch Hand
Posts: 171
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I was trying to understand the security related stuff which was there in web.xml in my project which i am working on, in a company.

they were doing request.isUserInRole("ViewPage"), to hide a perticular button.
But i dont see any entry in <security-role-ref> for "ViewPage" role in web.xml

i found an entry as below for "ViewPage",

no where in web.xml i found <security-role-ref> or <role-link> elements,
my question is, how come request.isUserInRole("ViewPage") is working ?

Regards,
Ravi
 
Musab Al-Rawi
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You will need the security-role-ref only in one case: if the developer is using his own names that don't map to roles defined in tomcat-users.xml. in this case you want to map the user defined roles used in the code to roles defined in realm.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic