Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

<security-role-ref>

 
Lucas Smith
Ranch Hand
Posts: 808
1
Android Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would like to ask why this tag is a child of <servlet> but not of <web-app...>.
Is there any deeper reason?

And one more question:
Should we use:
<security-role></security-role> in web.xml?
I did not put it and everything works fine. Users' passwords are in tomcat-users.xml.
 
Kosala W.Abayagunawardene
Ranch Hand
Posts: 47
Firefox Browser Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Lucas Smith wrote:I would like to ask why this tag is a child of <servlet> but not of <web-app...>.
Is there any deeper reason?



We use a <security-role-ref> where roles of a servlet may appear the same as web app's (Admin is in both) but they may be having different meaning.

eg. servlet - admin - administrative role
web-app - admin - lesser access role
- administrator - administrative role --> this must be mapped to admin in <security-role-ref> so the web app understands what servlet means.


this way you dont have to recode that other developer created servlet every time you use it in your web app
 
Lucas Smith
Ranch Hand
Posts: 808
1
Android Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I do not understand it to the end. Why <security-role-ref> is not a child of <web-app...>?
 
Kosala W.Abayagunawardene
Ranch Hand
Posts: 47
Firefox Browser Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Lucas Smith wrote:I do not understand it to the end. Why <security-role-ref> is not a child of <web-app...>?


because Its used for mapping a Specific servlets (developed buy a developer that is not from your company which has given different role name or same role names with different meaning ) role to your web app's roles.
 
Lucas Smith
Ranch Hand
Posts: 808
1
Android Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OK, thanks.

And one more question:
Should we use:
<security-role></security-role> in web.xml?
I did not put it and everything works fine. Users' passwords are in tomcat-users.xml.
 
Lucas Smith
Ranch Hand
Posts: 808
1
Android Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anyone?
 
Ankit Garg
Sheriff
Posts: 9521
22
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You are supposed to put <security-role> tag for each security role you want to access in your application. If a container is allowing you to use roles not defined in web.xml, then its container specific and not guaranteed in the spec...
 
Lucas Smith
Ranch Hand
Posts: 808
1
Android Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OK, thanks.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic