
Programmatic security

 
Chandra Bhatt
Ranch Hand
Posts: 1710
These lines are straight from Servlet Specification:

If no security-role-ref element matching a security-role element has
been declared, the container must default to checking the role-name element
argument against the list of security-role elements for the web application.
The isUserInRole method references the list to determine whether the caller
is mapped to a security role. The developer must be aware that the use of
this default mechanism may limit the flexibility in changing rolenames in
the application without having to recompile the servlet making the call.


Could anybody please focus some light on this? How the things are done?



Thanks,
 
Christophe Verré
Sheriff
Posts: 14691
The string you use in isUserInRole will be scanned in the deployment descriptor by the container. For example: isUserInRole("FOO").
The container will first check if there is a security-role-ref for this servlet whose link is called FOO, and match it to a security-role. If there's none, the container will look for a security-role declared in the application.


and


It allows you to change real role names, without changing your Java source code.

[ July 15, 2007: Message edited by: Christophe Verre ]
[ July 16, 2007: Message edited by: Christophe Verre ]
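As an added example (not from any of the posts above), here is the lookup Christophe describes in one servlet: the coded name FOO goes through a security-role-ref and its role-link to the real role, while BAR has no security-role-ref and is matched directly against the security-role list. The servlet name, the web.xml fragment and the role names FOO, BAR and admin are assumed for illustration.

```java
// Added example: programmatic role check with and without a security-role-ref.
// Servlet name, URL and role names (FOO, BAR, admin) are assumed, not from the thread.
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Matching web.xml fragment (assumed):
 *
 * <servlet>
 *   <servlet-name>ReportServlet</servlet-name>
 *   <servlet-class>ReportServlet</servlet-class>
 *   <!-- "FOO" is the name hard-coded in the servlet; "admin" is the real role -->
 *   <security-role-ref>
 *     <role-name>FOO</role-name>
 *     <role-link>admin</role-link>
 *   </security-role-ref>
 * </servlet>
 *
 * <!-- Real roles known to the application; the deployer maps these to users/groups -->
 * <security-role><role-name>admin</role-name></security-role>
 * <security-role><role-name>BAR</role-name></security-role>
 */
public class ReportServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // "FOO" goes through the security-role-ref: the container follows
        // role-link and actually tests whether the caller is in "admin".
        // Renaming "admin" later only requires editing web.xml, not this class.
        boolean canDelete = req.isUserInRole("FOO");

        // "BAR" has no security-role-ref, so the container falls back to the
        // default mechanism: the literal string must match a security-role
        // exactly. Renaming that role means editing and recompiling this class.
        boolean canExport = req.isUserInRole("BAR");

        // An unauthenticated caller (getUserPrincipal() == null) is in no role at all.
        String user = req.getUserPrincipal() == null ? "anonymous" : req.getUserPrincipal().getName();
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("user=" + user);
        out.println("delete allowed=" + canDelete);
        out.println("export allowed=" + canExport);
    }
}
```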
 
anil kumar
Ranch Hand
Posts: 447
Hi
----------------------------------
<role-name>manager</role-name>
-----------------------------------

I think we have to write like this.
<role-link>manager</role-link>

And what does this mean?
--------------------------------------------------------------------------
If there's none, the container will look for security-role declared in the application.
-------------------------------------------------------------------------


Thanks

Anil Kumar

[ July 15, 2007: Message edited by: anil kumar ]
[ July 16, 2007: Message edited by: anil kumar ]
 
Christophe Verré
Sheriff
Posts: 14691
I think we have to write like this.

Corrected. Thanks.
 
Chandra Bhatt
Ranch Hand
Posts: 1710
Thanks Satou & Anil for your kind response.

I still want some clarification on the following lines:


The developer must be aware that the use of
this default mechanism may limit the flexibility in changing rolenames in
the application without having to recompile the servlet making the call.





Thanks,
[ July 16, 2007: Message edited by: Chandra Bhatt ]
 
Atul Sawant
Ranch Hand
Posts: 304
Hi Chandra...hope you are doing good.

I guess they want to say that you control the roles deployment-wise instead of relying on the default mechanism, where, if you do not use the security-role-ref, all the role names in the servlets should EXACTLY match what is declared in security-role.

You get the flexibility and a choice with security-role-ref. Especially when the programmer and the deployer are different people.

Hope you got the point.

take care!
 
Chandra Bhatt
Ranch Hand
Posts: 1710
Yeah Atul!
It makes the thing more clear.

Thanks,
 