This week's book giveaway is in the Mac OS forum.
We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line!
See this thread for details.
The moose likes Servlets and the fly likes isUserInRole()  not working Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Servlets
Bookmark "isUserInRole()  not working" Watch "isUserInRole()  not working" New topic
Author

isUserInRole() not working

Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 176
Hi Everyone
I am trying to use isuserInRole() of HttpServletRequest interface using "declarative side of programmatic security" methodology.
I have done the need full in the tomcat-user.xml file.
I think my web.xml is wrong...Please have a look at it and let me know where i am going wrong.
"manager" is the one i have given as a argument of isUserInRole method in my servlet.
Joe Areeda
Ranch Hand

Joined: Apr 15, 2011
Posts: 318
    
    2

Hi Tarun,

I haven't used this particular feature but I suspect the issue may be in the tomcat-users.xml file. Can you log in as the user in the role you want?

Joe


It's not what your program can do, it's what your users do with the program.
Ishan Pandya
Ranch Hand

Joined: Feb 06, 2012
Posts: 221

web.xml seems all right. Can you please show us the line of code that you used in tomcat-users.xml for defining "admin" role and the code from "your" Servlet class of doXXX method where you used isUserInRole().


OCPJP
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 176
Hi Ishan,
Here are the following files you asked for :

My servlet class

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42050
    
  64
So... none of the users has the role "manager". In fact, that role isn't even declared.


Ping & DNS - my free Android networking tools app
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 176
Ulf Dittmer wrote:So... none of the users has the role "manager". In fact, that role isn't even declared.

No, In the book they have said that the manager role will be mapped to the admin role through
<security-role-ref>
<role-name>manager</role-name>
<role-link>admin</role-link>
</security-role-ref>
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 176
Tarun Oohri wrote:
Ulf Dittmer wrote:So... none of the users has the role "manager". In fact, that role isn't even declared.

No, In the book they have said that the manager role will be mapped to the admin role through
<security-role-ref>
<role-name>manager</role-name>
<role-link>admin</role-link>
</security-role-ref>

At the moment , an error is coming on <security-role-ref> stating :

cvc-complex-type.2.4.a: Invalid content was found starting with element 'security-role-ref'. One of '{"http://java.sun.com/xml/ns/javaee":description, "http://java.sun.com/xml/ns/
javaee":display-name, "http://java.sun.com/xml/ns/javaee":icon, "http://java.sun.com/xml/ns/javaee":servlet-name}' is expected.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42050
    
  64
Sorry, I missed that. But you're not defining a security-constraint in the web.xml. security-role-ref only defines a mapping of roles, it does not cause that role to be required for anything.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42050
    
  64
cvc-complex-type.2.4.a: Invalid content was found starting with element 'security-role-ref'. One of '{"http://java.sun.com/xml/ns/javaee":description, "http://java.sun.com/xml/ns/javaee":display-name, "http://java.sun.com/xml/ns/javaee":icon, "http://java.sun.com/xml/ns/javaee":servlet-name}' is expected.

Put the security-role-ref element after the servlet-name and servlet-class elements.
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 176
Ulf Dittmer wrote:Sorry, I missed that. But you're not defining a security-constraint in the web.xml. security-role-ref only defines a mapping of roles, it does not cause that role to be required for anything.

That error gone now will try adding security-constraint in web.xml and will let you know...
Thanks for the heads up...cheers!!!
 
GeeCON Prague 2014
 
subject: isUserInRole() not working