• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

isUserInRole() doubt

 
Sayak Banerjee
Ranch Hand
Posts: 292
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If we use something like

is it mandatory to use the <security-role-ref> element in the DD...what if we just provide <security-role> and have Manager as <role-name>....it should work....isn't it?
 
Renu Radhika
Ranch Hand
Posts: 243
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
why should we use security-role-ref ,if we are not using a different role name in servlet from that of roles specified using security-role
 
Manikandan Jayaraman
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sayak, It is not mandatory ...

However, if you use your isUserInRole in your code, you make your servlet unusable for other projects/users as you have hard-coded a role.

To get rid of this problem, security-role-ref comes into the picture, where in, users of your servlet can declare this tag within the <servlet> tag (of their application's web.xml) and link their application's role to the role you have mentioned in your class.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic