Search...
FAQs Subscribe
Pie
FAQs
Recent topics Flagged topics Hot topics Best topics
Search...
Search within Servlets Search Coderanch
Advance search Google search
Register / Login
thread boost advertise on coderanch book review grid granny polymorphism
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
book review grid meaningless drivel thread boost advertise on coderanch building better world book
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
  • Scott Selikoff
Bartenders:
  • Piet Souris
  • Jj Roberts
  • fred rosenberger

How Does The Security Role Mapping Work?

 
JiaPei Jen
Ranch Hand
Posts: 1309
posted 20 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
I am studying the security part of the deployment descriptor. I am confused about how the mapping works.
Suppose we have
<security-role>
<role-name>manager</role-name>
</security-role>
and
<security-role-ref>
<role-name>FOO</role-name>
<role-link>manager</role-link>
</security-role-ref>
My first question is when a client of the servlet supplies a name for authentication, the name supplied should be FOO or can be, say, John Smith?
Then, according to the Servlet Specification, a security role is a logical grouping of users defined by the Application Developer
or Assembler. When the application is deployed, roles are mapped by a Deployer to principals or groups in the runtime environment.
My second question is how deployer maps the role, say, manager, to principals or groups in the runtime environment?
Thanks in advance.
 
Joe Gilvary
Ranch Hand
Posts: 152
posted 20 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
I think these are both the same question. The user would not
authenticate with the role-name, but with a user name like
JohnSmith or whatever. If I change "John Smith" in your
question to "Joe", this example might help.
In a demo of the Tomcat 4 server I used this in a particular
web application's web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- NOTE: This role is not present in the default users file -->
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>

Then, in the tomcat-users.xml, I defined the usernames for
the security roles:
<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
<user name="joe" password="secret" roles="tomcat,role1,manager" />
</tomcat-users>

I used Emacs but other app servers may have other tools for
doing this. The user information can come from a database, from
a directory service, etc.
Thanks,
Joe
 
Kyle Brown
author
Posts: 3892
5
posted 20 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Yes, the previous poster is right. Each application server will have a different way of mapping roles to users or groups (say in an LDAP directory, which is the way WebSphere works). Check your application server documentation.
------------------
Kyle Brown,
Author of Enterprise Java (tm) Programming with IBM Websphere

Kyle Brown, Author of Persistence in the Enterprise and Enterprise Java Programming with IBM Websphere, 2nd Edition
See my homepage at http://www.kyle-brown.com/ for other WebSphere information.

 
pie. tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
reply
    Bookmark Topic Watch Topic
  • New Topic
Boost this thread!
Similar Threads
More...