This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Confirmation required about <security-role> element. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Confirmation required about <security-role> element." Watch "Confirmation required about <security-role> element." New topic
Author

Confirmation required about <security-role> element.

Abimaran Kugathasan
Ranch Hand

Joined: Nov 04, 2009
Posts: 2066

In a Web application, what is the usage of <!ELEMENT security-role (description?, role-name)>? If I don't declared the roles used in the web application, what is the impact?

Just to inform the container, that these are the roles used in the application?

Thanks!


|BSc in Electronic Eng| |SCJP 6.0 91%| |SCWCD 5 92%|
Parth Twari
Ranch Hand

Joined: Jan 20, 2010
Posts: 163
Just to inform the container, that these are the roles used in the application?


yes

if you dont tell container about roles used in application then the things such as isUserinRole and <auth-constraint><role-name>
won't recognize the roles.


Parth Tiwari
| Pursuing Bachelor of Engineering | OSUM Club Leader | SCJP 6 | SCWCD 5 |...
Abimaran Kugathasan
Ranch Hand

Joined: Nov 04, 2009
Posts: 2066

Thanks Parth, Don't the server get them from the Database, if it used?
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1661
    
  25

Don't the server get them from the Database, if it used?

When designing a web-app you will have to think of the different actors involved in your use-cases. These groups of users you will have to make available to the container by using the <security-role> element.

How you map explicit users to a role-name is typically done by storing that information (user and roles) in a database. This is however not necessary, in tomcat, you can define them in a simple property file (tomcat-users.xml)

Regards,
Frits
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Confirmation required about <security-role> element.