The Order of the security-role Element in DTD

 
Ranch Hand
Posts: 1309
In the Servlet 2.3 Specification, p. 91, the <security-role> element is placed after the <login-config>:
<!ELEMENT web-app (icon?, display-name?, description?,
distributable?, context-param*, filter*, filter-mapping*,
listener*, servlet*, servlet-mapping*, session-config?,
mime-mapping*, welcome-file-list?, error-page*, taglib*,
resource-env-ref*, resource-ref*, security-constraint*, login-config?,
security-role*, env-entry*, ejb-ref*, ejb-local-ref*)>
However, there is an example on p. 118 showing that the <security-role> element is placed before the <servlet> element:
<web-app>
  <display-name>A Secure Application</display-name>
  <security-role>
    <role-name>manager</role-name>
  </security-role>
  <servlet>
    <servlet-name>catalog</servlet-name>
    <servlet-class>com.mycorp.CatalogServlet</servlet-class>
    <init-param>
      <param-name>catalog</param-name>
      <param-value>Spring</param-value>
    </init-param>
    <security-role-ref>
      <role-name>MGR</role-name>
      <!-- role name used in code -->
      <role-link>manager</role-link>
    </security-role-ref>
  </servlet>
  <servlet-mapping>
    <servlet-name>catalog</servlet-name>
    <url-pattern>/catalog/*</url-pattern>
  </servlet-mapping>
  ...
  ...
  ...
</web-app>
Does the order of the <security-role> matter?
 
Sheriff
Posts: 3341
Nice catch, you need to send feedback to Sun at servletapi-feedback@eng.sun.com
The order must follow the DTD. I tried to run Tomcat 4.0 with that example and get:

PARSE error at line 7 column -1
org.xml.sax.SAXParseException: Element "web-app" does not allow "servlet" here.
Starting service Tomcat-Apache
Apache Tomcat/4.0-b7

When it starts up.
Carl
[This message has been edited by Carl Trusiak (edited September 27, 2001).]
 
Ranch Hand
Posts: 150

Originally posted by JiaPei Jen:
Does the order of the <security-role> matter?


Simple answer -- yes, that's what the DTD says, however some servers are less strict in enforcing this. Tomcat is not one of them.
 
Greenhorn
Posts: 17
Hi
I have gone through the servlet specs and noticed the DD you have mentioned. To me it seems right. This is how I explain it. <security-role-ref> is a property of the servlet tag, and to define a <security-role-ref> we need to define the <role-name> and <role-link> tags, out of which <role-name> should be in accordance with that of <security-role>'s <role-name> already defined in a DD. That's the reason why we should define <security-role> beforehand.
Also I didn't notice anything in the specs which indicates the order of these tags. If anyone has, please point it out for me.
 
Tim Duncan
Ranch Hand
Posts: 150

Originally posted by Praveena Surapaneni:
Also I didn't notice anything in the specs which indicates the order of these tags. If anyone has, please point it out for me.


The servlet spec contains the DTD for the deployment descriptor. The DTD specifies the elements that can occur in the deployment descriptor, how those elements are made up, whether they are optional etc, and the order that they can appear. That is what the ELEMENT definitions mean.
To quote the W3C:

content particles occurring in a sequence list must each appear in the element content in the order given in the list.




[This message has been edited by Tim Duncan (edited September 28, 2001).]
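
An added example, not part of the original thread and not any container's code: a small Python check of the top-level child order of <web-app> against the Servlet 2.3 DTD sequence quoted in the first post, run on the p. 118 example (abbreviated) and on a reordered copy. The names check_order, WEB_APP_MODEL, SPEC_EXAMPLE and REORDERED are assumptions, and only the direct children of <web-app> are checked.

```python
import xml.etree.ElementTree as ET

# Added example. Top-level <web-app> children in Servlet 2.3 DTD order, as
# quoted in the first post: (name, may_repeat). '?' -> False, '*' -> True.
WEB_APP_MODEL = [
    ("icon", False), ("display-name", False), ("description", False),
    ("distributable", False), ("context-param", True), ("filter", True),
    ("filter-mapping", True), ("listener", True), ("servlet", True),
    ("servlet-mapping", True), ("session-config", False),
    ("mime-mapping", True), ("welcome-file-list", False),
    ("error-page", True), ("taglib", True), ("resource-env-ref", True),
    ("resource-ref", True), ("security-constraint", True),
    ("login-config", False), ("security-role", True), ("env-entry", True),
    ("ejb-ref", True), ("ejb-local-ref", True),
]

def check_order(xml_text):
    """Return ordering violations for <web-app>; an empty list means valid.
    Intended for descriptors you control, not untrusted XML."""
    names = [name for name, _ in WEB_APP_MODEL]
    may_repeat = dict(WEB_APP_MODEL)
    errors, pos, last = [], 0, None
    for child in ET.fromstring(xml_text):
        tag = child.tag
        if tag not in may_repeat:
            errors.append(f"unknown element <{tag}>")
        elif names.index(tag) < pos:
            # A sequence list only moves forward: this element came too late.
            errors.append(f"<{tag}> not allowed after <{last}>")
        else:
            if tag == last and not may_repeat[tag]:
                errors.append(f"<{tag}> may appear only once")
            pos, last = names.index(tag), tag
    return errors

# Constructed input: the p. 118 example, abbreviated, and a reordered copy.
HEAD = "<display-name>A Secure Application</display-name>"
ROLE = "<security-role><role-name>manager</role-name></security-role>"
SERVLET = ("<servlet><servlet-name>catalog</servlet-name>"
           "<servlet-class>com.mycorp.CatalogServlet</servlet-class></servlet>"
           "<servlet-mapping><servlet-name>catalog</servlet-name>"
           "<url-pattern>/catalog/*</url-pattern></servlet-mapping>")
SPEC_EXAMPLE = f"<web-app>{HEAD}{ROLE}{SERVLET}</web-app>"
REORDERED = f"<web-app>{HEAD}{SERVLET}{ROLE}</web-app>"

if __name__ == "__main__":
    for label, doc in (("spec example", SPEC_EXAMPLE), ("reordered", REORDERED)):
        print(label, check_order(doc) or "order OK")
```

Running the same check over a descriptor before deployment shows whether its security elements sit where the DTD expects them, independent of how strict the target container is.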
 