• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Devaka Cooray
  • Ron McLeod
  • Jeanne Boyarsky
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Carey Brown
  • Tim Holloway
Bartenders:
  • Martijn Verburg
  • Frits Walraven
  • Himai Minh

Web.xml security

 
Ranch Hand
Posts: 208
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Below is the security declaration from my web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>prefix-get-manager</web-resource-name>
<url-pattern>/ManagerApplication/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>

Now as soon as the user login, i authenticate the user, and he is a valid user, now i want the user to access "ManagerApplication", so how do the web application know that the user role is "manager" ? Do i need to put the "role" (manager) into session ? if i should then what should session variable name?
Any help is appreciated, thanks
Hari
 
Ranch Hand
Posts: 405
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I believe you should be able to check the isUserInRole("manager") method from the HttpServletRequest object.
HttpServletRequest
public boolean isUserInRole(String role)

What do you think.
Cj
 
Hari babu
Ranch Hand
Posts: 208
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by cj jack:
I believe you should be able to check the isUserInRole("manager") method from the HttpServletRequest object.
HttpServletRequest
public boolean isUserInRole(String role)

What do you think.
Cj


Hi,
To check whether the user is "Manager", I can use isUserInRole(String role), But my question is who will put that role, its me programmer has to do that explicitly or its done in the web container. If i have to that explicity when and where do i need to specify the "Manager" role?
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This changes from server to server and also depends on the mechanism you are using to authenticate.
Essentially you need to say: 1) here is how to turn a string into a unique user name 2) here is how to turn a string into a unique group name 3) here is how to find if a member is in a group.
For example, I used Tomcat4 with the user and group details kept in a SecureWay LDAP database.
In the conf/server.properties file, the LDAP connection is set up like this:

This sets things up so that when a user puts in the name 'BOB', it gets turned into 'cn=BOB,o=organisation,dc=com.au,c=au' to pull the user out of LDAP. The password is checked against the 'userpassword' attribute.
When a user logs in and their details are loaded, (typically) the server will also load their roles at the same time.
Now we can give the short answer to your question: It is he application server that sets up the isUserInRole data, and this data is read-only.
Dave
 
Don't destroy the earth! That's where I keep all my stuff! Including this tiny ad:
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic