In the Servlet 2.3 Specification, p. 91, the <security-role> element is placed after the <login-config>: <!ELEMENT web-app (icon?, display-name?, description?, distributable?, context-param*, filter*, filter-mapping*, listener*, servlet*, servlet-mapping*, session-config?, mime- mapping*, welcome-file-list?, error-page*, taglib*, resource- env-ref*, resource-ref*, security-constraint*, login-config?, security-role*, env-entry*, ejb-ref*, ejb-local-ref*)> however, there is an example in p. 118 showing that the <security-role> element is placed before the <servlet> element: <web-app> <display-name>A Secure Application</display-name> <security-role> <role-name>manager</role-name> </security-role> <servlet> <servlet-name>catalog</servlet-name> <servlet-class>com.mycorp.CatalogServlet </servlet-class> <init-param> <param-name>catalog</param-name> <param-value>Spring</param-value> </init-param> <security-role-ref> <role-name>MGR</role-name> <!-- role name used in code --> <role-link>manager</role-link> </security-role-ref> </servlet> <servlet-mapping> <servlet-name>catalog</servlet-name> <url-pattern>/catalog/*</url-pattern> </servlet-mapping> ... ... ... </web-app> Does the order of the <security-role> matter?
Nice catch, you need to send a feedpack to Sun at firstname.lastname@example.org The order must follow the DTD. I tried to run Tomcat 4.0 with that example and get: PARSE error at line 7 column -1 org.xml.sax.SAXParseException: Element "web-app" does not allow "servlet" here. Starting service Tomcat-Apache Apache Tomcat/4.0-b7
When it starts up. Carl [This message has been edited by Carl Trusiak (edited September 27, 2001).]
Hi I have gone thru the servlet specs and noticed the DD you have mentioned. For me its seems Right. This is how I explain. <security-role-ref> is a property of servlet tag and to define a <security-role-ref> we need to define the <role-name> and <role-link> tags out of which <role-name> should be in accordance with that of <security-role>'s <role-name> already defined in a DD. Thats the reason why we should define <security-role> before hand. Also I didn't notice anything in specs which indicate the order of these tags. If anyone had please point it out for me.
Originally posted by Praveena Surapaneni: Also I didn't notice anything in specs which indicate the order of these tags. If anyone had please point it out for me.
The servlet spec contains the DTD for the deployment descriptor. The DTD specifies the elements that can occur in the deployment descriptor, how those elements are made up, whether they are optional etc, and the order that they can appear. That is what the ELEMENT definitions mean. To quote the W3C:
content particles occurring in a sequence list must each appear in the element content in the order given in the list.
[This message has been edited by Tim Duncan (edited September 28, 2001).]