I am studying how <security-role-ref> maps role name, below are my web.xml and snippet of BasicServlet class, I expected to isUserInRole("Manger") returns true, but it returns false, I don't know why?
---BasicServlet.java
System.out.println("Manger isUserInRole? " + req.isUserInRole("Manger") );
res.getWriter().println("Manger isUserInRole? " + req.isUserInRole("Manger"));
------ web.xml
<web-app>
<
servlet>
<servlet-name>BasicServlet</servlet-name>
<servlet-class>coreservlets.BasicServlet</servlet-class>
<security-role-ref>
<role-name>Manager</role-name>
<role-link>supervisor</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>BasicServlet</servlet-name>
<url-pattern>/FirstPractice/test</url-pattern>
</servlet-mapping>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/MySecurity/formlogin.html</form-login-page>
<form-error-page>/MySecurity/formerror.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>supervisor</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>declarative security
test</web-resource-name>
<url-pattern>/FirstPractice/test</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>supervisor</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
========
anybody knows?
Thanks
