isUserInRole() doubt

 
Vijay Chandran

Dear friends,

Can the isUserInRole() method return "true" even when its argument is NOT defined as a valid role name in the deployment descriptor?


Regards,
Vijay
 
Christophe Verré
No. That would be a security problem otherwise.
 
Aaron Raja
<web-app>
  <!-- ... -->
  <security-role-ref>
    <role-name>BOSS</role-name>      <!-- This is hard-coded in the servlet code. -->
    <role-link>manager</role-link>   <!-- This is the name that is defined in the <security-role> element. -->
  </security-role-ref>
  <!-- ... -->
</web-app>

============

isUserInRole("BOSS")

This is the method you would call in the servlet to check whether the requesting user belongs to the "manager" role or not.
 
Poonam Agarwal
Just to add on to this thread:
Can this method isUserInRole() be used only in the doPost() or doGet() methods, or can we use it anywhere in the entire servlet?
 
Ulf Dittmer
Poonam Agarwal wrote: Can this method isUserInRole() be used only in the doPost() or doGet() methods, or can we use it anywhere in the entire servlet?

It's not a static method, so you need an object instance to invoke it on. Do you know which class this method belongs to, and thus what kind of object is needed?
 
Poonam Agarwal
Ulf Dittmer wrote:

It's not a static method, so you need an object instance to invoke it on. Do you know which class this method belongs to, and thus what kind of object is needed?


Yes Ulf, it is declared in the HttpServletRequest interface as public boolean isUserInRole(java.lang.String role), so I guess we can use this method in any of the doxxx() methods, plus in the service method also.

Please correct me if I am wrong
 
Vijay Chandran
Thank you all very much for the replies and the discussions...


Regards,
Vijay
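
The points raised in this thread (Aaron Raja's BOSS-to-manager mapping and Poonam Agarwal's question about where the call can be made), combined in one servlet as an added example that is not code from any poster. Assumptions: the class name ReportServlet and the helper isBoss() are hypothetical, the javax.servlet namespace is used, and the servlet's web.xml entry carries the security-role-ref shown above with "manager" declared in a security-role element.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet. Assumed web.xml: this servlet's entry contains
//   <security-role-ref>
//     <role-name>BOSS</role-name><role-link>manager</role-link>
//   </security-role-ref>
// and the application declares <security-role> with role-name "manager".
public class ReportServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        if (!isBoss(req)) {
            // Fail closed: anyone who is not mapped to "manager" gets a 403.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("Report for " + req.getRemoteUser());
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Same authorization path for POST, so the check cannot be skipped
        // by switching the HTTP method.
        doGet(req, resp);
    }

    // isUserInRole() is an instance method of HttpServletRequest, so it can be
    // called from any code that is handed the request object, not only doGet/doPost.
    private static boolean isBoss(HttpServletRequest req) {
        // "BOSS" is the hard-coded name; the container resolves it through
        // <role-link> to the declared role "manager".
        // getRemoteUser() is null for an unauthenticated request, and
        // isUserInRole() returns false in that case as well.
        return req.getRemoteUser() != null && req.isUserInRole("BOSS");
    }
}
```

If no security-role-ref matches the argument, the Servlet specification has the container check the argument directly against the declared security-role names, so a name that appears in neither place does not match.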
 