This week's book giveaway is in the Open Source Projects forum.
We're giving away four copies of Spark in Action and have Jean-Georges Perrin on-line!
See this thread for details.
Win a copy of Spark in Action this week in the Open Source Projects forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

The Order of the security-role Element in DTD

 
Ranch Hand
Posts: 1309
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In the Servlet 2.3 Specification, p. 91, the <security-role> element is placed after the <login-config>:
<!ELEMENT web-app (icon?, display-name?, description?,
distributable?, context-param*, filter*, filter-mapping*,
listener*, servlet*, servlet-mapping*, session-config?, mime-
mapping*, welcome-file-list?, error-page*, taglib*, resource-
env-ref*, resource-ref*, security-constraint*, login-config?,
security-role*, env-entry*, ejb-ref*, ejb-local-ref*)>
however, there is an example in p. 118 showing that the <security-role> element is placed before the <servlet> element:
<web-app>
<display-name>A Secure Application</display-name>
<security-role>
<role-name>manager</role-name>
</security-role>
<servlet>
<servlet-name>catalog</servlet-name>
<servlet-class>com.mycorp.CatalogServlet
</servlet-class>
<init-param>
<param-name>catalog</param-name>
<param-value>Spring</param-value>
</init-param>
<security-role-ref>
<role-name>MGR</role-name>
<!-- role name used in code -->
<role-link>manager</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>catalog</servlet-name>
<url-pattern>/catalog/*</url-pattern>
</servlet-mapping>
...
...
...
</web-app>
Does the order of the <security-role> matter?
 
Sheriff
Posts: 3341
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Nice catch, you need to send a feedpack to Sun at servletapi-feedback@eng.sun.com
The order must follow the DTD. I tried to run Tomcat 4.0 with that example and get:

PARSE error at line 7 column -1
org.xml.sax.SAXParseException: Element "web-app" does not allow "servlet" here.
Starting service Tomcat-Apache
Apache Tomcat/4.0-b7

When it starts up.
Carl
[This message has been edited by Carl Trusiak (edited September 27, 2001).]
 
Ranch Hand
Posts: 150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by JiaPei Jen:
Does the order of the <security-role> matter?


Simple answer -- yes, that's what the DTD says, however some servers are less strict in enforcing this. Tomcat is not one of them
 
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
I have gone thru the servlet specs and noticed the DD you have mentioned. For me its seems Right. This is how I explain. <security-role-ref> is a property of servlet tag and to define a
<security-role-ref> we need to define the <role-name> and <role-link> tags out of which <role-name> should be in accordance with that of <security-role>'s <role-name> already defined in a DD. Thats the reason why we should define <security-role> before hand.
Also I didn't notice anything in specs which indicate the order of these tags. If anyone had please point it out for me.
 
Tim Duncan
Ranch Hand
Posts: 150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Praveena Surapaneni:
Also I didn't notice anything in specs which indicate the order of these tags. If anyone had please point it out for me.


The servlet spec contains the DTD for the deployment descriptor. The DTD specifies the elements that can occur in the deployment descriptor, how those elements are made up, whether they are optional etc, and the order that they can appear. That is what the ELEMENT definitions mean.
To quote the W3C:

content particles occurring in a sequence list must each appear in the element content in the order given in the list.




[This message has been edited by Tim Duncan (edited September 28, 2001).]
 
    Bookmark Topic Watch Topic
  • New Topic