Howdy !
I'm a bit confused about <security-role-ref>.
If I have a user mapped to "manager" in tomcat-users.xml - and do a
<security-role-ref>
<role-name>admin</role-name>
<role-link>manager</role-link>
</security-role-ref>
- then a check on isUserInRole("admin") == true as is isUserInRole("manager") - fair enough !
If I add an additional mapping (same
servlet)
<security-role-ref>
<role-name>manager</role-name>
<role-link>another_role</role-link>
</security-role-ref>
- then the above check still responds with 2 times true !
What did I miss out her ?
/Rgds, Henrik
Something really fancy in the signature