Programmatic security

 
Ranch Hand
Posts: 1710
These lines are straight from the Servlet Specification:


If no security-role-ref element matching a security-role element has
been declared, the container must default to checking the role-name element
argument against the list of security-role elements for the web application.
The isUserInRole method references the list to determine whether the caller
is mapped to a security role. The developer must be aware that the use of
this default mechanism may limit the flexibility in changing rolenames in
the application without having to recompile the servlet making the call.



Could anybody please shed some light on this? How are things done?



Thanks,
 
Sheriff
Posts: 14691
The string you use in isUserInRole will be scanned in the deployment descriptor by the container. For example: isUserInRole("FOO").
The container will first check if there is a security-role-ref for this servlet, whose link is called FOO, and match it to a security-role. If there's none, the container will look for a security-role declared in the application.


and


It allows you to change real role names, without changing your Java source code.

[ July 15, 2007: Message edited by: Christophe Verre ]
[ July 16, 2007: Message edited by: Christophe Verre ]
 
Ranch Hand
Posts: 447
Hi
----------------------------------
<role-name>manager</role-name>
-----------------------------------

I think we have to write like this.
<role-link>manager</role-link>

And what does this mean?
--------------------------------------------------------------------------
If there's none, the container will look for security-role declared in the application.
-------------------------------------------------------------------------


Thanks

Anil Kumar

[ July 15, 2007: Message edited by: anil kumar ]
[ July 16, 2007: Message edited by: anil kumar ]
 
Christophe Verré
Sheriff
Posts: 14691

I think we have to write like this.


Corrected. Thanks.
 
Chandra Bhatt
Ranch Hand
Posts: 1710
Thanks Satou & Anil for your kind response.

I still want some clarification on the following lines:


The developer must be aware that the use of
this default mechanism may limit the flexibility in changing rolenames in
the application without having to recompile the servlet making the call.






Thanks,
[ July 16, 2007: Message edited by: Chandra Bhatt ]
 
Ranch Hand
Posts: 304
Hi Chandra...hope you are doing good.

I guess they want to say that you should control the roles deployment-wise instead of using the default mechanism, where if you do not use the security-role-ref then all the role names in the servlets should EXACTLY match what is declared in security-role.

You get the flexibility and a choice with security-role-ref. Especially when the programmer and the deployer are different people.

Hope you got the point.

take care!
 
Chandra Bhatt
Ranch Hand
Posts: 1710
Yeah Atul!
It makes the thing more clear.

Thanks,
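
Added example, not part of the thread and not container code: a small Python model of the lookup order discussed above (security-role-ref first, then the default match against security-role). The descriptor is constructed, its namespace is omitted, and the servlet names `Reports` and `Audit`, the `auditor` role and both function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed deployment descriptor (namespace omitted; names are illustrative).
WEB_XML = """
<web-app>
  <servlet>
    <servlet-name>Reports</servlet-name>
    <servlet-class>example.ReportsServlet</servlet-class>
    <security-role-ref>
      <role-name>FOO</role-name>      <!-- string hard-coded in isUserInRole("FOO") -->
      <role-link>manager</role-link>  <!-- names a declared security-role -->
    </security-role-ref>
  </servlet>
  <servlet>
    <servlet-name>Audit</servlet-name>
    <servlet-class>example.AuditServlet</servlet-class>
  </servlet>
  <security-role><role-name>manager</role-name></security-role>
  <security-role><role-name>auditor</role-name></security-role>
</web-app>
"""

def resolve_role(web_xml, servlet_name, code_role):
    """Return the security-role that isUserInRole(code_role) is checked
    against for this servlet, or None if the name resolves to nothing."""
    root = ET.fromstring(web_xml)
    declared = {r.findtext("role-name").strip() for r in root.findall("security-role")}
    for servlet in root.findall("servlet"):
        if servlet.findtext("servlet-name").strip() != servlet_name:
            continue
        # 1. A security-role-ref declared for this servlet takes precedence.
        for ref in servlet.findall("security-role-ref"):
            if ref.findtext("role-name").strip() == code_role:
                link = (ref.findtext("role-link") or "").strip()
                # Choice made in this sketch: a link to an undeclared role
                # resolves to nothing rather than falling through.
                return link if link in declared else None
    # 2. Default: the string itself must match a declared security-role.
    return code_role if code_role in declared else None

def in_role(web_xml, servlet_name, code_role, caller_roles):
    """True if the caller holds the security-role the name resolves to."""
    role = resolve_role(web_xml, servlet_name, code_role)
    return role is not None and role in caller_roles
```

Renaming `manager` in the descriptor keeps `Reports` working, because only its role-link changes, while a servlet that calls isUserInRole("manager") with no security-role-ref stops matching until its source is changed and recompiled.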
 