This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Servlets and the fly likes isUserInRole()  not working Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "isUserInRole()  not working" Watch "isUserInRole()  not working" New topic
Author

isUserInRole() not working

Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 172
Hi Everyone
I am trying to use isuserInRole() of HttpServletRequest interface using "declarative side of programmatic security" methodology.
I have done the need full in the tomcat-user.xml file.
I think my web.xml is wrong...Please have a look at it and let me know where i am going wrong.
"manager" is the one i have given as a argument of isUserInRole method in my servlet.
Joe Areeda
Ranch Hand

Joined: Apr 15, 2011
Posts: 307
    
    2

Hi Tarun,

I haven't used this particular feature but I suspect the issue may be in the tomcat-users.xml file. Can you log in as the user in the role you want?

Joe


It's not what your program can do, it's what your users do with the program.
Ishan Pandya
Ranch Hand

Joined: Feb 06, 2012
Posts: 219

web.xml seems all right. Can you please show us the line of code that you used in tomcat-users.xml for defining "admin" role and the code from "your" Servlet class of doXXX method where you used isUserInRole().


OCPJP
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 172
Hi Ishan,
Here are the following files you asked for :

My servlet class

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41052
    
  43
So... none of the users has the role "manager". In fact, that role isn't even declared.


Ping & DNS - my free Android networking tools app
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 172
Ulf Dittmer wrote:So... none of the users has the role "manager". In fact, that role isn't even declared.

No, In the book they have said that the manager role will be mapped to the admin role through
<security-role-ref>
<role-name>manager</role-name>
<role-link>admin</role-link>
</security-role-ref>
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 172
Tarun Oohri wrote:
Ulf Dittmer wrote:So... none of the users has the role "manager". In fact, that role isn't even declared.

No, In the book they have said that the manager role will be mapped to the admin role through
<security-role-ref>
<role-name>manager</role-name>
<role-link>admin</role-link>
</security-role-ref>

At the moment , an error is coming on <security-role-ref> stating :

cvc-complex-type.2.4.a: Invalid content was found starting with element 'security-role-ref'. One of '{"http://java.sun.com/xml/ns/javaee":description, "http://java.sun.com/xml/ns/
javaee":display-name, "http://java.sun.com/xml/ns/javaee":icon, "http://java.sun.com/xml/ns/javaee":servlet-name}' is expected.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41052
    
  43
Sorry, I missed that. But you're not defining a security-constraint in the web.xml. security-role-ref only defines a mapping of roles, it does not cause that role to be required for anything.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41052
    
  43
cvc-complex-type.2.4.a: Invalid content was found starting with element 'security-role-ref'. One of '{"http://java.sun.com/xml/ns/javaee":description, "http://java.sun.com/xml/ns/javaee":display-name, "http://java.sun.com/xml/ns/javaee":icon, "http://java.sun.com/xml/ns/javaee":servlet-name}' is expected.

Put the security-role-ref element after the servlet-name and servlet-class elements.
Tarun Oohri
Ranch Hand

Joined: Feb 20, 2013
Posts: 172
Ulf Dittmer wrote:Sorry, I missed that. But you're not defining a security-constraint in the web.xml. security-role-ref only defines a mapping of roles, it does not cause that role to be required for anything.

That error gone now will try adding security-constraint in web.xml and will let you know...
Thanks for the heads up...cheers!!!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: isUserInRole() not working
 
Similar Threads
he doesn't ask for authenticate
Problem with security constraints while doing authentication & authorization
How to configure multiple security-constraint elements in web.xml
How to: use Form based auth via JDBCRealm:oracle in Glassfish 3.0
Servlet Parameters null