File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes isUserInRole() clarification please Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "isUserInRole() clarification please" Watch "isUserInRole() clarification please" New topic

isUserInRole() clarification please

Garlapati Ravi
Ranch Hand

Joined: Mar 05, 2008
Posts: 171
Hi All,

I was trying to understand the security related stuff which was there in web.xml in my project which i am working on, in a company.

they were doing request.isUserInRole("ViewPage"), to hide a perticular button.
But i dont see any entry in <security-role-ref> for "ViewPage" role in web.xml

i found an entry as below for "ViewPage",

no where in web.xml i found <security-role-ref> or <role-link> elements,
my question is, how come request.isUserInRole("ViewPage") is working ?


Ravi Kumar
SCWCD 5 - 89%, SCJP 1.4 - 90%
Musab Al-Rawi
Ranch Hand

Joined: Aug 06, 2007
Posts: 231
You will need the security-role-ref only in one case: if the developer is using his own names that don't map to roles defined in tomcat-users.xml. in this case you want to map the user defined roles used in the code to roles defined in realm.

I agree. Here's the link:
subject: isUserInRole() clarification please
It's not a secret anymore!