aspose file tools*
The moose likes Servlets and the fly likes isUserInRole()  not working Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "isUserInRole()  not working" Watch "isUserInRole()  not working" New topic
Author

isUserInRole() not working

Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 170
Hi Everyone
I am trying to use isuserInRole() of HttpServletRequest interface using "declarative side of programmatic security" methodology.
I have done the need full in the tomcat-user.xml file.
I think my web.xml is wrong...Please have a look at it and let me know where i am going wrong.
"manager" is the one i have given as a argument of isUserInRole method in my servlet.
Joe Areeda
Ranch Hand

Joined: Apr 15, 2011
Posts: 294
    
    2

Hi Tarun,

I haven't used this particular feature but I suspect the issue may be in the tomcat-users.xml file. Can you log in as the user in the role you want?

Joe


It's not what your program can do, it's what your users do with the program.
Ishan Pandya
Ranch Hand

Joined: Feb 06, 2012
Posts: 213

web.xml seems all right. Can you please show us the line of code that you used in tomcat-users.xml for defining "admin" role and the code from "your" Servlet class of doXXX method where you used isUserInRole().


OCPJP
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 170
Hi Ishan,
Here are the following files you asked for :

My servlet class

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39578
    
  27
So... none of the users has the role "manager". In fact, that role isn't even declared.


Ping & DNS - updated with new look and Ping home screen widget
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 170
Ulf Dittmer wrote:So... none of the users has the role "manager". In fact, that role isn't even declared.

No, In the book they have said that the manager role will be mapped to the admin role through
<security-role-ref>
<role-name>manager</role-name>
<role-link>admin</role-link>
</security-role-ref>
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 170
Tarun Oohri wrote:
Ulf Dittmer wrote:So... none of the users has the role "manager". In fact, that role isn't even declared.

No, In the book they have said that the manager role will be mapped to the admin role through
<security-role-ref>
<role-name>manager</role-name>
<role-link>admin</role-link>
</security-role-ref>

At the moment , an error is coming on <security-role-ref> stating :

cvc-complex-type.2.4.a: Invalid content was found starting with element 'security-role-ref'. One of '{"http://java.sun.com/xml/ns/javaee":description, "http://java.sun.com/xml/ns/
javaee":display-name, "http://java.sun.com/xml/ns/javaee":icon, "http://java.sun.com/xml/ns/javaee":servlet-name}' is expected.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39578
    
  27
Sorry, I missed that. But you're not defining a security-constraint in the web.xml. security-role-ref only defines a mapping of roles, it does not cause that role to be required for anything.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39578
    
  27
cvc-complex-type.2.4.a: Invalid content was found starting with element 'security-role-ref'. One of '{"http://java.sun.com/xml/ns/javaee":description, "http://java.sun.com/xml/ns/javaee":display-name, "http://java.sun.com/xml/ns/javaee":icon, "http://java.sun.com/xml/ns/javaee":servlet-name}' is expected.

Put the security-role-ref element after the servlet-name and servlet-class elements.
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 170
Ulf Dittmer wrote:Sorry, I missed that. But you're not defining a security-constraint in the web.xml. security-role-ref only defines a mapping of roles, it does not cause that role to be required for anything.

That error gone now will try adding security-constraint in web.xml and will let you know...
Thanks for the heads up...cheers!!!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: isUserInRole() not working
 
Similar Threads
Problem with security constraints while doing authentication & authorization
he doesn't ask for authenticate
Servlet Parameters null
How to configure multiple security-constraint elements in web.xml
How to: use Form based auth via JDBCRealm:oracle in Glassfish 3.0