role-link

 
Ranch Hand
Posts: 142
Snippet from Enthuware:


b is given as incorrect, stating
"... If the servlet code uses the name given in the <role-link> element, it might work but is not guaranteed to work."

Is this true? When will it not work?
 
Ranch Hand
Posts: 62
This is from the spec:

The isUserInRole method expects a String user role-name parameter. A security-role-ref element should be declared in the deployment descriptor with a role-name sub-element containing the rolename to be passed to the method. A security-role element should contain a role-link sub-element whose value is the name of the security role that the user may be mapped into. The container uses the mapping of security-role-ref to security-role when determining the return value of the call.

For example, to map the security role reference "FOO" to the security role with role-name "manager" the syntax would be:

<security-role-ref>
    <role-name>FOO</role-name>
    <role-link>manager</role-link>
</security-role-ref>

In this case if the servlet called by a user belonging to the "manager" security role made the API call isUserInRole("FOO") the result would be true.

If no security-role-ref element matching a security-role element has been declared, the container must default to checking the role-name element argument against the list of security-role elements for the web application. The isUserInRole method references the list to determine whether the caller is mapped to a security role. The developer must be aware that the use of this default mechanism may limit the flexibility in changing rolenames in the application without having to recompile the servlet making the call.
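
The two lookup rules in the spec text quoted above, modelled as a small stand-alone Java program (an added example, not part of the thread, the spec, or any container's code). The descriptor fragment, the servlet name "report", the roles "clerk" and "boss", and the caller are constructed for illustration; only "FOO" and "manager" come from the quoted example.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class RoleRefDemo {
    // Constructed descriptor fragment: one servlet, one role reference, two declared roles.
    static final String WEB_XML =
        "<web-app>"
      + "<servlet><servlet-name>report</servlet-name>"
      + "<security-role-ref><role-name>FOO</role-name><role-link>manager</role-link></security-role-ref>"
      + "</servlet>"
      + "<security-role><role-name>manager</role-name></security-role>"
      + "<security-role><role-name>clerk</role-name></security-role>"
      + "</web-app>";

    static String text(Element parent, String tag) {
        return parent.getElementsByTagName(tag).item(0).getTextContent().trim();
    }

    // Models the container's decision for isUserInRole(arg) called inside one servlet.
    static boolean isUserInRole(Document dd, String servlet, Set<String> callerRoles, String arg) {
        NodeList servlets = dd.getElementsByTagName("servlet");
        for (int i = 0; i < servlets.getLength(); i++) {
            Element s = (Element) servlets.item(i);
            if (!text(s, "servlet-name").equals(servlet)) continue;
            NodeList refs = s.getElementsByTagName("security-role-ref");
            for (int j = 0; j < refs.getLength(); j++) {
                Element ref = (Element) refs.item(j);
                // Rule 1: a matching security-role-ref maps the argument to its role-link.
                if (text(ref, "role-name").equals(arg)) return callerRoles.contains(text(ref, "role-link"));
            }
        }
        // Rule 2 (default): check the argument against the declared security-role list.
        NodeList roles = dd.getElementsByTagName("security-role");
        for (int i = 0; i < roles.getLength(); i++) {
            if (text((Element) roles.item(i), "role-name").equals(arg)) return callerRoles.contains(arg);
        }
        return false; // neither a declared reference nor a declared role
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Document dd = f.newDocumentBuilder().parse(new InputSource(new StringReader(WEB_XML)));
        Set<String> caller = Set.of("manager"); // constructed caller (Set.of needs Java 9+)
        for (String arg : new String[] {"FOO", "manager", "clerk", "boss"})
            System.out.println(arg + " -> " + isUserInRole(dd, "report", caller, arg));
    }
}
```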
 
Jan Sterk
Ranch Hand
Posts: 142
Yeah thanks, I also read that. I think that

... If no security-role-ref element matching a security-role element has
been declared, the container must default to checking the role-name element
argument against the list of security-role elements for the web application. The
isUserInRole method references the list to determine whether the caller is
mapped to a security role. ...



implies that in the above question, using 'supervisor' in isUserInRole is OK & legal.
 