The
string you use in isUserInRole will be scanned in the deployment descriptor by the container. For example : isUserInRole("FOO").
The container will first check if there is a security-role-ref for this servlet, whose link is called FOO, and match it to a security-role. If there's none, the container will look for security-role declared in the application.
and
It allows you to change real role names, without changing your
Java source code.
[ July 15, 2007: Message edited by: Christophe Verre ]
[ July 16, 2007: Message edited by: Christophe Verre ]