On broader level isUserInRole() is related to authorization or authentication?I think it is authorization as it returns boolean depending whether user is in specified role or not.But in specifications its written that even if user is not authenticated it will return false ( which is logical).
So is this concept related to authentication or authorization?
posted 8 years ago
Authorization. Authentication concerns itself with verifying that the user is who he says he is. Authorization is about determining which rights a particular user has AFTER he is authenticated (e.g., which roles he's in).