security - role - ref

 
Ranch Hand
Posts: 36
I came across the following question on a Mock Exam.
Consider the following XML fragment occurring in web.xml of a webapp.


Which of the following methods would you call in the servlet to check whether the requesting user belongs to "manager" role or not?

Select 1 correct option.

(A) isUserInRole("BOSS")

(B) getUserRole("BOSS")

(C) isUserInRole("manager")

(D) getUserRole("manager")

(E) isSecure("manager")

The answer says (A). I wonder why (C) cannot be correct.
If somebody could explain this concept, I would appreciate it.
Thanks in advance
Thambi
 
Ranch Hand
Posts: 78
That is the definition, and why there is <security-role-ref>.

<security-role-ref><role-name>BOSS</role-name> <role-link>manager</role-link> </security-role-ref>


In here, the one defined in <role-name> is used for servlet programs; you can use isUserInRole() on it. The one in <role-link> is supposed to be defined in <security-role>; they are only visible to the web container, not to your servlet. The servlet only knows the role "BOSS".
This way, your servlet is hard-coded with the role name "BOSS", but when you deploy your servlet, you can give it different alias names. Only the web container knows those aliases; your servlet does not need to be changed, it only knows "BOSS". That's how you deploy your servlet without recoding and recompiling.
 
Ranch Hand
Posts: 40
May I put in <role-name> a name which has been defined in <security-role>?
 
Kyle Tang
Ranch Hand
Posts: 78
Just keep in mind <role-name> is used by isUserInRole() and <role-ref> is supposed to be defined in <security-role>.
As long as you think what you are doing is following that rule, you can create the role alias mapping as you wish.
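
Added example, not part of the original thread: a small Python lint for the rule discussed above, that the <role-name> in a <security-role-ref> is the name servlet code passes to isUserInRole() and its <role-link> should name a role declared in <security-role>. The descriptor, the servlet names and the REVIEWER/auditor pair are constructed for illustration; only BOSS and manager come from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed deployment descriptor (trimmed to the elements the lint reads).
WEB_XML = """
<web-app>
  <servlet>
    <servlet-name>payroll</servlet-name>
    <security-role-ref><role-name>BOSS</role-name><role-link>manager</role-link></security-role-ref>
  </servlet>
  <servlet>
    <servlet-name>audit</servlet-name>
    <security-role-ref><role-name>REVIEWER</role-name><role-link>auditor</role-link></security-role-ref>
  </servlet>
  <security-role><role-name>manager</role-name></security-role>
</web-app>
"""

def local(tag):
    """Strip an XML namespace so the lint works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def text_of(elem, name):
    found = children(elem, name)
    return (found[0].text or "").strip() if found else ""

def lint_role_refs(web_xml):
    """Return (mapping, problems).
    mapping:  {servlet-name: {role-name used in servlet code: role-link}}
    problems: (servlet, role-name, role-link) where no <security-role>
              declares the role-link, so the alias points at nothing."""
    root = ET.fromstring(web_xml)
    declared = {text_of(r, "role-name") for r in children(root, "security-role")}
    mapping, problems = {}, []
    for servlet in children(root, "servlet"):
        name = text_of(servlet, "servlet-name")
        for ref in children(servlet, "security-role-ref"):
            code_name, link = text_of(ref, "role-name"), text_of(ref, "role-link")
            mapping.setdefault(name, {})[code_name] = link
            if link not in declared:
                problems.append((name, code_name, link))
    return mapping, problems

if __name__ == "__main__":
    mapping, problems = lint_role_refs(WEB_XML)
    print("aliases:", mapping)
    print("dangling role-links:", problems)
```

Running this kind of check before deployment catches a role alias that was renamed on one side only, which would otherwise surface as an authorization check that never matches.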
 