• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Authorisation-Doubt

 
vinod balaji
Ranch Hand
Posts: 84
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can anyone tell ne the difference between the security-role and auth-constraint tag. Both seems to be same. why we need security-role tag instead of auth-constraint.
 
Siddharth Purandare
Ranch Hand
Posts: 101
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Vinod,

The <role-name> tag is over loaded in the web.xml.

<auth-constraint> is used inside one of the <security-contraint> tag in the web.xml where as <security-role> is global there is only one occurance) to the web.xml.

when you invoke isUserInRole() method it looks for <security-role> tag VIA <security-role-ref> tag inside the <servlet> tag.

I hope I am able to clarify your doubt. Others Let me know if I am wrong in explaining.
 
vinod balaji
Ranch Hand
Posts: 84
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Siddharth,
from your answer i understand that the security-role is used only to map the container specific role-names to servlet specific role-names and it is nothing to do with authentication. I believe iam right, correct me if iam wrong.

Thanks once again
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic