Get the tools you need to learn Java skills fast!
Video tutorials, eBooks, hands-on lab exercises, sample code.
Get started
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes isUserInRole() clarification please Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Badass: Making Users Awesome this week in the Game Development forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "isUserInRole() clarification please" Watch "isUserInRole() clarification please" New topic

isUserInRole() clarification please

Garlapati Ravi
Ranch Hand

Joined: Mar 05, 2008
Posts: 171
Hi All,

I was trying to understand the security related stuff which was there in web.xml in my project which i am working on, in a company.

they were doing request.isUserInRole("ViewPage"), to hide a perticular button.
But i dont see any entry in <security-role-ref> for "ViewPage" role in web.xml

i found an entry as below for "ViewPage",

no where in web.xml i found <security-role-ref> or <role-link> elements,
my question is, how come request.isUserInRole("ViewPage") is working ?


Ravi Kumar
SCWCD 5 - 89%, SCJP 1.4 - 90%
Musab Al-Rawi
Ranch Hand

Joined: Aug 06, 2007
Posts: 231
You will need the security-role-ref only in one case: if the developer is using his own names that don't map to roles defined in tomcat-users.xml. in this case you want to map the user defined roles used in the code to roles defined in realm.

I agree. Here's the link:
subject: isUserInRole() clarification please