
Server (Tomcat) Managed Role-Based Authentication

JiaPei Jen
Ranch Hand

Joined: Nov 19, 2000
Posts: 1309
I am using Tomcat 5.0.27. In order to use server-managed "role-based" authentication, we supply the server with two tables. One of the tables contains userID and password, and the other table contains userID and userRole (a person can have more than one role).

My difficulty stems from how the tables are structured in my database. I do have a table that contains userID and password; however, I do not have a table that contains userID and userRole. In order to know a person's role, I have to navigate from one table to another using foreign keys and primary keys.

Is there a way to tell the server to navigate from one table to another to find a person's role? Or "must" we create a table that contains userID and userRole for us to use the isUserInRole() method for security checks?
Mark Spritzler

Joined: Feb 05, 2001
Posts: 17271

I thought isUserInRole() was used to read the security roles defined in the web.xml, not from a database?


JiaPei Jen
Ranch Hand

Joined: Nov 19, 2000
Posts: 1309
But, we have to map each user to his/her role somewhere. And it is in the server.xml file.