This week's book giveaway is in the Python forum.
We're giving away four copies of Python Continuous Integration and Delivery and have Moritz Lenz on-line!
See this thread for details.
Win a copy of Python Continuous Integration and Delivery this week in the Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Paul Clapham
  • Jeanne Boyarsky
Sheriffs:
  • Devaka Cooray
  • Junilu Lacar
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Ron McLeod
  • Tim Holloway
  • Claude Moore
  • Stephan van Hulst
Bartenders:
  • Winston Gutkowski
  • Carey Brown
  • Frits Walraven

[jdiscuss][mock][question]  RSS feed

 
Ranch Hand
Posts: 431
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi friends
I got a question as follows:



My answer was B. But the answer given was A. How it is possible?. As far as I know if we use the name given in <role-link> directly in the isUserInRole() method then it should directly map to the role. Am I right?
 
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

<security-role-ref>
<role-name>manager</role-name>
<role-link>supervisor</role-link>
</security-role-ref>



<security-role-ref> element, combined with <security> element can link a security role name used in a servlet as the argument to HttpServletRequest.isUserInRole() method to a role name known by the web container. All role names definded by <security-role> elements must be mapped to users and/or groups known by the web container. How this is done is container dependent. The <security-role-element> allows you to use servlet that uses a role name in the isUserRole() method that is not defined by a <security-role> elemnt. A typical scenario where this can be useful is whem you combine servlets from different sources into one application, and the servlets use different role names for tyhe same logical role.

So I think the given answer is correct.

Thanks
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!