auth-constraint vs security-role

 
Ranch Hand
Posts: 224
Q1) I want to know the difference between auth-constraint and security-role.
As far as I think:
<auth-constraint> is one who can make a constraint request to a resource.
<security-role> is one who can access the application.
Please correct me if I am wrong.
 
Ranch Hand
Posts: 951
Hi,

<security-role> defines the entries for the roles available to the application. The roles are provided by the container, through its authentication mechanism. Tomcat, by default, uses tomcat-users.xml to define the users and roles.

Thanks
 
Ranch Hand
Posts: 102
<auth...> is only for when we want to tell which resources are to be constrained,

so at that time we use it depending upon the roles we have mentioned in the

<security-role>

and also, casing is very important when we mention in <auth
 
Ranch Hand
Posts: 437
Hi Kajal,
What do you mean by constrained?
With regards,
Padma priya N.G.
 
kajal mukergi
Ranch Hand
Posts: 102
Constrained means "conditions", that is, when we want to access a particular.... source, then we need to get permission, so

we will keep some condition which the user must satisfy to get the particular source.
 
Ranch Hand
Posts: 115
Using BASIC authentication, the user is prompted by the browser to enter the name and password.
Based on that, the role of the user can be found using tomcat-users.xml.

From that point onwards the Container knows the role of the user accessing the application.

<security-role> defines the possible user roles in the application using the <role-name> tag nested in it.

<auth-constraint> constrains a particular resource to a particular role using the <role-name> tag.

Take care: constraining is not at the role level. It is role + HTTP method.
 
Padma priya Gururajan
Ranch Hand
Posts: 437
Hi James,
From where do we find the role of the user in tomcat-users.xml?
Can you please help me?
Thanks.
 
James Mark
Ranch Hand
Posts: 115
The <tomcat-users> tag in tomcat-users.xml contains a nested <user> tag.
As an example:
<user name="JamesMark" password="007Gun$" roles="Admin,Guest"/>

Upon login we give a username and password; it is mapped to the above entry and the Container gets the information that JamesMark has two roles, i.e. Admin and Guest.

Now
<auth-constraint>Admin</auth-constraint>

allows JamesMark to access the URL pattern, say
<url-pattern>/Bank/AddUser/*</url-pattern>, defined in the one or many
<web-resource-collection> elements in the <security-constraint>.
 
Padma priya Gururajan
Ranch Hand
Posts: 437
Hi Mark,

<auth-constraint>Admin</auth-constraint>

You had mentioned Admin within auth-constraint, which is an error. It should have been

<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>

Thanks.
 
Padma priya Gururajan
Ranch Hand
Posts: 437
Hi,
Am I right?
Thanks.
 
Ranch Hand
Posts: 242
Yes Priya,

You are right.

And Kajal,

<auth-constraint> is concerned with constraining the request on the resource, not the resource. Please amend it.
<security-role>, meanwhile, defines the various roles defined for the application.

Regards,
Khushhal
 
Padma priya Gururajan
Ranch Hand
Posts: 437
Hi Khushal,
Thanks.
 
James Mark
Ranch Hand
Posts: 115
sorry it was a Friday and was planning to reach home fastly at that point in time....
sorry for the mistake.....
 
Ranch Hand
Posts: 124
Just working from my notes, I think it might be the case that
the relevant tag in tomcat-users.xml is

<role rolename="guest"/>

which is slightly different than the element in the auth-constraint
tagset:

<role-name>guest</role-name>

It helps to take note of this to avoid confusion.

Ken
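
Added example (not part of any post in this thread): a small Python check over a web.xml that flags the three mistakes discussed above, namely a role typed directly inside <auth-constraint>, a <role-name> whose spelling or case matches no <security-role>, and a constraint that lists <http-method> elements and therefore covers only those methods. The descriptor is a constructed sample and lint_web_xml is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor: two declared roles, two flawed constraints.
SAMPLE_WEB_XML = """<web-app>
  <security-role><role-name>Admin</role-name></security-role>
  <security-role><role-name>Guest</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>AddUser</web-resource-name>
      <url-pattern>/Bank/AddUser/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports</web-resource-name>
      <url-pattern>/Bank/Reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>Admin</auth-constraint>
  </security-constraint>
</web-app>"""


def lint_web_xml(xml_text):
    """Return (code, detail) findings for a trusted web.xml string."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # strip XML namespaces so plain tag names match
        el.tag = el.tag.split("}")[-1]
    declared = {r.findtext("role-name", "").strip()
                for r in root.iter("security-role")}
    findings = []
    for sc in root.iter("security-constraint"):
        for ac in sc.findall("auth-constraint"):
            bare = (ac.text or "").strip()
            if bare:  # role typed directly inside <auth-constraint>
                findings.append(("bare-text", bare))
            for rn in ac.findall("role-name"):
                role = (rn.text or "").strip()
                # Role names are case-sensitive; "*" means every declared role.
                if role != "*" and role not in declared:
                    findings.append(("undeclared-role", role))
        methods = [m.text.strip() for m in sc.iter("http-method") if m.text]
        if methods:  # only the listed methods are covered by this constraint
            findings.append(("methods-listed", ",".join(methods)))
    return findings
```

Calling lint_web_xml(SAMPLE_WEB_XML) reports the lower-case admin role, the GET-only constraint and the bare Admin text; a descriptor with none of these returns an empty list.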
 