
security - role - ref

 
Thambi Rajah
Ranch Hand
Posts: 36
I came across the following question on a Mock Exam.
Consider the following XML fragment occurring in web.xml of a webapp.


Which of the following methods would you call in the servlet to check whether the requesting user belongs to "manager" role or not?

Select 1 correct option.

(A) isUserInRole("BOSS")

(B) getUserRole("BOSS")

(C) isUserInRole("manager")

(D) getUserRole("manager")

(E) isSecure("manager")

The answer says (A). I wonder why (C) cannot be correct.
If somebody could explain this concept, I would appreciate it.
Thanks in advance
Thambi
 
Kyle Tang
Ranch Hand
Posts: 78
That is the definition, and it is why there is <security-role-ref>.
<security-role-ref><role-name>BOSS</role-name> <role-link>manager</role-link> </security-role-ref>

In here, the one defined in <role-name> is used by servlet programs; you can use isUserInRole() on it. The one in <role-link> is supposed to be defined in <security-role>; those are only visible to the web container, not to your servlet. The servlet only knows the role "BOSS".
This way, your servlet is hard-coded with the role name "BOSS", but when you deploy your servlet, you can give it different alias names. Only the web container knows those aliases; your servlet does not need to be changed, it only knows "BOSS". That's how you deploy your servlet without recoding and recompiling.
 
jeffrey z. lee
Ranch Hand
Posts: 40
May I put in <role-name> a name which has been defined in <security-role>?
 
Kyle Tang
Ranch Hand
Posts: 78
Just keep in mind <role-name> is used by isUserInRole() and <role-ref> is supposed to be defined in <security-role>.
As long as you think what you are doing is following that rule, you can create the role alias mapping as you wish.
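
The lookup discussed in this thread, modelled as an added example (not code from any poster or from a servlet container): it resolves the name passed to isUserInRole() through a servlet's <security-role-ref> entries and lists any <role-link> that names no declared <security-role>. The web.xml, the servlet name "Payroll", the "AUDIT"/"auditor" pair and all function names are constructed for illustration; the fallback for names without a role-ref follows the Servlet specification's default.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml for illustration (namespace and servlet-class omitted).
WEB_XML = """
<web-app>
  <servlet>
    <servlet-name>Payroll</servlet-name>
    <security-role-ref>
      <role-name>BOSS</role-name>
      <role-link>manager</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>AUDIT</role-name>
      <role-link>auditor</role-link>
    </security-role-ref>
  </servlet>
  <security-role><role-name>manager</role-name></security-role>
</web-app>
"""

def load(xml_text):
    """Return (declared security roles, {servlet: {role-name: role-link}})."""
    root = ET.fromstring(xml_text)
    declared = {r.findtext("role-name").strip() for r in root.findall("security-role")}
    refs = {}
    for s in root.findall("servlet"):
        name = s.findtext("servlet-name").strip()
        refs[name] = {r.findtext("role-name").strip(): r.findtext("role-link").strip()
                      for r in s.findall("security-role-ref")}
    return declared, refs

def resolve(declared, refs, servlet, name):
    """Container role that isUserInRole(name) is checked against, or None."""
    link = refs.get(servlet, {}).get(name)
    if link is not None:
        return link  # the servlet's hard-coded name is an alias for the linked role
    # Spec default: with no matching role-ref, check the name against declared roles.
    return name if name in declared else None

def dangling(declared, refs):
    """(servlet, role-name, role-link) where role-link is not a declared security-role."""
    return [(s, n, l) for s, m in refs.items() for n, l in m.items() if l not in declared]

def is_user_in_role(user_roles, declared, refs, servlet, name):
    role = resolve(declared, refs, servlet, name)
    return role is not None and role in user_roles
```

A non-empty result from dangling() marks a role check in servlet code that points at a role the descriptor never declares, which is worth catching at review time rather than as a silently failing authorization check.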
 