security-role question

Oct 15, 2006 10:32:00

Are these 2 methods for doing <security-role> both legal and equivalent?

Method 1:

Method2:

Oct 15, 2006 10:52:00

I found this fragment of text in the specs.

"The role-name used here must either correspond
to the role-name of one of the security-role elements
defined for this web application, or..."

Also... the DD pictorial diagram showed the security-role tag to have 0 or more occurances. So both are legal.

Oct 15, 2006 12:46:00

I was searching this forum for another (but related) question and came across these 2 discussions which seem to contradict multiple <role-name> elements in the <security-role> element.

security-role question (HFS related)

> 1 role-name in security-role

Anyone else care to weigh in and help clarify this?

Oct 15, 2006 13:54:00

You can have ONE role name per security-role, because that's what the schema says.

The relevant extract from the schema at j2ee_1.4 is:

- <xsd:complexType name="security-roleType">
- <xsd:annotation>
- <xsd ocumentation>
- <![CDATA[

The security-roleType contains the definition of a security
role. The definition consists of an optional description of the
security role, and the security role name.

Example:

<security-role>
<description>
This role includes all employees who are authorized
to access the employee service application.
</description>
<role-name>employee</role-name>
</security-role>

]]>
</xsd ocumentation>
</xsd:annotation>
- <xsd:sequence>
<xsd:element name="description" type="j2ee escriptionType" minOccurs="0" maxOccurs="unbounded" />
<xsd:element name="role-name" type="j2ee:role-nameType" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID" />
</xsd:complexType>

So you can have as many <description> elements as you like, but only one <role-name> per <security-role>

Hope that helps.
[ October 15, 2006: Message edited by: Daniel Dalton ]

Oct 15, 2006 14:09:00

Yep. Your right and I did not look at the HFS&J errata beforehand which answers this question definatively.

[632] The last XML on the page;

the DD-XML:

<security-role>
<role-name>Admin</role-name>
<role-name>Member</role-name>
<role-name>Guest</role-name>
</security-role>

should read:

<security-role>
<role-name>Admin</role-name>
</security-role>
<security-role>
<role-name>Member</role-name>
</security-role>
<security-role>
<role-name>Guest</role-name>
</security-role>

According to the servlet 2.4 spec, page 145 (13.4.19),
<role-name> is allowed only once within a <security-role>
element.

Thanks for the replys folks.

Oct 15, 2006 22:05:00

ahhh... I didnt know this was errata and it looks to be a big one. I was referring to the multiple <security-role> elements being valid but never looked up the <role-name> element. I thought, since its in the HF book, it must be true !

Oct 17, 2006 00:15:00

But having more than one <role-name> inside a <security-role> does works for me.

No matter. Try again. Fail again. Fail better. This time, do it with this tiny ad:

a bit of art, as a gift, the permaculture playing cards

https://gardener-gift.com