isUserInRole() rules

 
Peter Warde
Ranch Hand
Posts: 71
Is it correct that the method of HttpServletRequest isUserInRole(String roleName) works like this in relation to the DD:

- first checks the DD for the <role-name> element of <security-role-ref> for a match
- if it doesn't find the above match, it checks the <role-name> of <security-role> for a match
- if it doesn't find a match in either case it returns false

otherwise

- if it does find a match in either case but the user is not authenticated then it returns false
- if it does find a match and the user is authenticated it returns true

I think this is correct from my understanding of the spec, but just to be sure, can anyone confirm it is so?

Thanks
 
kapil munjal
Ranch Hand
Posts: 298
Hi,

- if it doesn't find the above match, it checks the <role-name> of <security-role> for a match

I think the second line which you have written is not correct.

According to my understanding of this, it only checks <security-role-ref> and if it doesn't find a match it returns false.

Kapil
 
Peter Warde
Ranch Hand
Posts: 71
The Servlet Spec (12.3) says:

"If no security-role-ref element matching a security-role element has been declared, the container must default to checking the role-name argument against the list of security-role elements for the web application."

I think this means that the second line is true.

Any comments?

Peter
 
Jose Esteban
Ranch Hand
Posts: 102
I think you are right.
 
kapil munjal
Ranch Hand
Posts: 298
Maybe my understanding is wrong about this.

I studied about this in HF servlets and jsp, I need to confirm from that again, what exactly does it say...

Kapil
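
The lookup order from the Servlet spec 12.3 passage quoted in the thread, modelled as an added example that is not part of any post and is not container code: the role-name argument is resolved through <security-role-ref> first, then the <security-role> list, and the result is checked against the roles the caller is mapped to. The deployment descriptor, servlet name, role names and the RoleLookupModel class are constructed for illustration, and every <security-role-ref> is assumed to carry a <role-link>.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

// Model of the lookup order only; a real container does this internally.
public class RoleLookupModel {
    // Constructed DD: one servlet with a role reference, two declared roles.
    static final String DD = "<web-app><servlet><servlet-name>Payroll</servlet-name>"
        + "<security-role-ref><role-name>MGR</role-name><role-link>manager</role-link></security-role-ref>"
        + "</servlet><security-role><role-name>manager</role-name></security-role>"
        + "<security-role><role-name>employee</role-name></security-role></web-app>";

    static String text(Element e, String tag) {
        return e.getElementsByTagName(tag).item(0).getTextContent().trim();
    }

    // userRoles == null models an unauthenticated caller.
    static boolean isUserInRole(Document dd, String servlet, String arg, Set<String> userRoles) {
        if (userRoles == null) return false;
        String resolved = null;
        NodeList servlets = dd.getElementsByTagName("servlet");
        for (int i = 0; i < servlets.getLength(); i++) {
            Element s = (Element) servlets.item(i);
            if (!text(s, "servlet-name").equals(servlet)) continue;
            NodeList refs = s.getElementsByTagName("security-role-ref");
            for (int j = 0; j < refs.getLength(); j++) {   // step 1: servlet-scoped alias
                Element ref = (Element) refs.item(j);
                if (text(ref, "role-name").equals(arg)) resolved = text(ref, "role-link");
            }
        }
        if (resolved == null) {                             // step 2: fall back to <security-role>
            NodeList roles = dd.getElementsByTagName("security-role");
            for (int i = 0; i < roles.getLength(); i++)
                if (text((Element) roles.item(i), "role-name").equals(arg)) resolved = arg;
        }
        return resolved != null && userRoles.contains(resolved); // caller must hold the role
    }

    public static void main(String[] args) throws Exception {
        Document dd = DocumentBuilderFactory.newInstance().newDocumentBuilder()
            .parse(new ByteArrayInputStream(DD.getBytes(StandardCharsets.UTF_8)));
        Set<String> manager = Set.of("manager"), employee = Set.of("employee");
        System.out.println(isUserInRole(dd, "Payroll", "MGR", manager));       // alias path
        System.out.println(isUserInRole(dd, "Payroll", "employee", employee)); // fallback path
        System.out.println(isUserInRole(dd, "Payroll", "manager", employee));  // declared, not held
        System.out.println(isUserInRole(dd, "Payroll", "MGR", null));          // unauthenticated
    }
}
```

In this model a role-name argument that matches neither element resolves to nothing, so a misspelled role in application code fails closed instead of raising an error.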
 