• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Doubt regarding request.isUserInRole()

 
Mohit Chadha
Ranch Hand
Posts: 264
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
Following is a question from a Mock exam.

Consider the following web.xml code snippet:

<servlet>
<servlet-name>BankServlet</servlet-name>
<servlet-class>com.abc.bankapp.BankServlet</servlet-class>
<security-role-ref>
<role-name>manager</role-name>
<role-link>supervisor</role-link>
</security-role-ref>
</servlet>

Which of the following statements are correct?
1)The servlet code should use "manager" as a parameter in request.isUserInRole() method.
2)The servlet code can use "manager" or "supervisor" as a parameter in request.isUserInRole() method.
3)The servlet code should use"supervisor" as a parameter in request.isUserInRole() method.
4)The role of "manager" must be defined in the servlet container.
5)None of these.

The answer is (1), but I think the answer should be (2) as we are using <security-role-ref> we will be declaring
<security-role>
<role-name>supervisor</role-name>
</security-role>
and hence we can call request.isUserInRole() with "manager" or "supervisor" as a parameter.
Please correct me if I am wrong.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would say 1 and 2. You should use "manager", but you can use "supervisor" (but it's not a good practice)
 
Mohit Chadha
Ranch Hand
Posts: 264
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Satou!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic