• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Is auth-constraint related to security-role?

 
Ranch Hand
Posts: 59
Hibernate Redhat Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have searched HFS&J and Mikalai Zaikin's Notes and still don't understand this concept. Maybe the answer is there and I just missed it but:

Is the <role-name> element in <auth-constraint> related to the <role-name>
element in <security-role> ?


Edited to include a code example:




Thanks
[ October 15, 2006: Message edited by: Rick Roberts ]
 
Ranch Hand
Posts: 356
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hello,

yes. Normally in auth-constraint only roles which are declared using security-role would be used.

Kai
 
Rick Roberts
Ranch Hand
Posts: 59
Hibernate Redhat Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does that mean that a <security-role> <role-name> is required before you can use <auth-constraint> <role-name> ?
 
Kai Witte
Ranch Hand
Posts: 356
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hello,

without the security-role declaration the container would normally not be able to (or is not allowed to be able to?) map the role names in the auth-constraint to the ones that are set up in the container-specific configuration.

I recommend to just set up such a system, for example with the Tomcat MemoryRealm.

Kai
 
Rick Roberts
Ranch Hand
Posts: 59
Hibernate Redhat Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have set it up in my tomcat and I still don't get it.

It doesn't work the way that I expect it would I will probably be able to figure it out. I may have to reference the tomcat docs.

But more importantly, I don't think that HFS&J nor Mikalai's notes gives enough info to understand how this works.
 
reply
    Bookmark Topic Watch Topic
  • New Topic