• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

isUserInRole() doubt

 
Ranch Hand
Posts: 186
Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Dear friends,

Can the isUserInRole() method return "true" even when its argument is NOT defined as a valid role name in the deployment descriptor?


Regards,
Vijay
 
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No. That would be a security problem otherwise.
 
Ranch Hand
Posts: 206
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
<web-app>
................
<security-role-ref>
<role-name>BOSS</role-name> <-- This is hard coded in the servlet code.
<role-link>manager</role-link> <-- This is the name that is defined in the <security-role> element.
</security-role-ref>
...............
</web-app>

============

isUserInRole("BOSS")

this methods would you call in the servlet to check whether the requesting user belongs to "manager" role or not
 
Ranch Hand
Posts: 324
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
just add on to this thread,
IS this method isUserInRole() can be used only in doPost() ot doGet() methods, OR we can use it anywhere in the entire servlet??
 
Rancher
Posts: 43016
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Poonam Agarwal wrote:IS this method isUserInRole() can be used only in doPost() ot doGet() methods, OR we can use it anywhere in the entire servlet??


It's not a static method, so you need an object instance to invoke it on. Do you know which class this method belongs to, and thus what kind of object is needed?
 
Poonam Agarwal
Ranch Hand
Posts: 324
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:

It's not a static method, so you need an object instance to invoke it on. Do you know which class this method belongs to, and thus what kind of object is needed?



Yes Ulf, it is declared in the HttpServletRequest inferface public boolean isUserInRole(java.lang.String role), so i guess we can use this method in the any of the doxxx() methods plus in the service method also.

Please correct me if I am wrong
 
Vijay Chandran
Ranch Hand
Posts: 186
Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you all very much for the replies and the discussions...


Regards,
Vijay
 
Consider Paul's rocket mass heater.
    Bookmark Topic Watch Topic
  • New Topic