Authorisation doubt from hfsj ?

 
Please refer to page 664 of HFSJ 2nd edition. The topic is regarding authorisation. The following is an excerpt from the book:

The most common form of authorization in servlets is for the container
to determine whether a specific servlet—and the invoking HTTP request
method—can be called by a user who has been assigned a certain
security “role”. So the first step is to map the roles in the vendor-specific
“users” file to roles established in the Deployment Descriptor.




I couldn't understand why there should be a mapping between roles defined in the vendor-specific file and roles in the DD. Why can't there be just one file, either vendor-specific or DD? Also, what does the mapping do, and how is it accomplished?
 
Hi Gurpeet Singh,

I couldn't understand why there should be a mapping between roles defined in the vendor-specific file and roles in the DD.


The Servlet 3.0 specs don't specify how a specific user (or Principal) should be mapped onto a logical "role". This is vendor-specific and therefore not part of the web.xml.

In Tomcat you can map a user to a role in the tomcat-users.xml file:
In other Application servers the file might be in another place and have another name.

The Tomcat application server reads the tomcat-users.xml file when starting up. If you log in to your web application with the correct username and password (e.g. Jan, janjan), the web application will know that Jan is in the logical "role" of readers and will allow everything that readers are allowed to do (and disallow everything that writers are allowed to do).

Regards,
Frits
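
The two files discussed in this thread, side by side, as an added example that is not part of the original posts or the book. The user Jan, the password and the role names come from the answer above; the `/articles/*` URL pattern, the resource names and the three constraints are assumptions chosen for illustration.

```xml
<!-- File 1, vendor-specific (Tomcat): conf/tomcat-users.xml says WHO holds a role. -->
<!-- User, password and role name are the ones given in the answer above. -->
<tomcat-users>
  <role rolename="readers"/>
  <role rolename="writers"/>
  <user username="Jan" password="janjan" roles="readers"/>
</tomcat-users>

<!-- File 2, portable (DD): WEB-INF/web.xml says WHAT a role may call. -->
<!-- The /articles/* pattern and resource names are assumptions for illustration. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <!-- Logical roles; Tomcat matches these by name against rolename above. -->
  <security-role><role-name>readers</role-name></security-role>
  <security-role><role-name>writers</role-name></security-role>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Read articles</web-resource-name>
      <url-pattern>/articles/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>readers</role-name>
      <role-name>writers</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Write articles</web-resource-name>
      <url-pattern>/articles/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>writers</role-name></auth-constraint>
  </security-constraint>

  <!-- Methods not listed above (PUT, DELETE, ...) would otherwise be unconstrained. -->
  <!-- An empty auth-constraint denies them to every role. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Everything else</web-resource-name>
      <url-pattern>/articles/*</url-pattern>
      <http-method-omission>GET</http-method-omission>
      <http-method-omission>POST</http-method-omission>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>
```

With these two files, Jan authenticates and can GET under `/articles/`, while a POST is refused with 403 because Jan is not in `writers`. Deploying the same WAR on a different server changes only file 1, which is why the spec keeps user-to-role assignment out of the DD.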
 