Programatic Security?

Joe San

Ranch Hand

Posts: 10198

I like...

posted 15 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Guys,

Will there be questions on programatic security on the exam??

SCJP 1.4, SCWCD 1.4 - Hints for you, Certified Scrum Master
Did a rm -R / to find out that I lost my entire Linux installation!

Gowher Naik

Ranch Hand

Posts: 643

posted 15 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

For programatic security you should know everything about
request.isUserInRole(String role)

Niranjan Deshpande

Ranch Hand

Posts: 1277

posted 15 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

yes..
in a nutshell..

request.isUserInRole("manager");

<security-role-ref>
<role-link>manager</role-link>
<role-name>admin</role-name>
</security-role-ref>

the whold thing in programatic security is that we can use to authorize the user on some specific portions of a method, and also we can use it to map the hard coded roles in the servlet, to those that actually mean something to us..! in other words, "manager" was the role that made sense to some developer who wrot the security code, but when we inherited his code, our company has "admin" role which is equivalent to the role called "manager"
this helps us to avoid going around all the servlets and change the "manager" to admin"

hth

SCJP 1.4 - 95% [ My Story ] - SCWCD 1.4 - 91% [ My Story ]
Performance is a compulsion, not a option, if my existence is to be justified.

Consider Paul's rocket mass heater.