I was trying to understand the security related stuff which was there in web.xml in my project which i am working on, in a company.
they were doing request.isUserInRole("ViewPage"), to hide a perticular button. But i dont see any entry in <security-role-ref> for "ViewPage" role in web.xml
i found an entry as below for "ViewPage",
no where in web.xml i found <security-role-ref> or <role-link> elements, my question is, how come request.isUserInRole("ViewPage") is working ?
SCWCD 5 - 89%, SCJP 1.4 - 90%
posted 7 years ago
You will need the security-role-ref only in one case: if the developer is using his own names that don't map to roles defined in tomcat-users.xml. in this case you want to map the user defined roles used in the code to roles defined in realm.