This week's book giveaway is in the Other Languages forum.
We're giving away four copies of Functional Reactive Programming and have Stephen Blackheath and Anthony Jones on-line!
See this thread for details.
Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

isUserInRole() not working

 
Tarun Oohri
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Everyone
I am trying to use isuserInRole() of HttpServletRequest interface using "declarative side of programmatic security" methodology.
I have done the need full in the tomcat-user.xml file.
I think my web.xml is wrong...Please have a look at it and let me know where i am going wrong.
"manager" is the one i have given as a argument of isUserInRole method in my servlet.
 
Joe Areeda
Ranch Hand
Posts: 331
2
Java Netbeans IDE Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Tarun,

I haven't used this particular feature but I suspect the issue may be in the tomcat-users.xml file. Can you log in as the user in the role you want?

Joe
 
Ishan Pandya
Ranch Hand
Posts: 226
Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
web.xml seems all right. Can you please show us the line of code that you used in tomcat-users.xml for defining "admin" role and the code from "your" Servlet class of doXXX method where you used isUserInRole().
 
Tarun Oohri
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ishan,
Here are the following files you asked for :

My servlet class

 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So... none of the users has the role "manager". In fact, that role isn't even declared.
 
Tarun Oohri
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:So... none of the users has the role "manager". In fact, that role isn't even declared.

No, In the book they have said that the manager role will be mapped to the admin role through
<security-role-ref>
<role-name>manager</role-name>
<role-link>admin</role-link>
</security-role-ref>
 
Tarun Oohri
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tarun Oohri wrote:
Ulf Dittmer wrote:So... none of the users has the role "manager". In fact, that role isn't even declared.

No, In the book they have said that the manager role will be mapped to the admin role through
<security-role-ref>
<role-name>manager</role-name>
<role-link>admin</role-link>
</security-role-ref>

At the moment , an error is coming on <security-role-ref> stating :

cvc-complex-type.2.4.a: Invalid content was found starting with element 'security-role-ref'. One of '{"http://java.sun.com/xml/ns/javaee":description, "http://java.sun.com/xml/ns/
javaee":display-name, "http://java.sun.com/xml/ns/javaee":icon, "http://java.sun.com/xml/ns/javaee":servlet-name}' is expected.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry, I missed that. But you're not defining a security-constraint in the web.xml. security-role-ref only defines a mapping of roles, it does not cause that role to be required for anything.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
cvc-complex-type.2.4.a: Invalid content was found starting with element 'security-role-ref'. One of '{"http://java.sun.com/xml/ns/javaee":description, "http://java.sun.com/xml/ns/javaee":display-name, "http://java.sun.com/xml/ns/javaee":icon, "http://java.sun.com/xml/ns/javaee":servlet-name}' is expected.

Put the security-role-ref element after the servlet-name and servlet-class elements.
 
Tarun Oohri
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:Sorry, I missed that. But you're not defining a security-constraint in the web.xml. security-role-ref only defines a mapping of roles, it does not cause that role to be required for anything.

That error gone now will try adding security-constraint in web.xml and will let you know...
Thanks for the heads up...cheers!!!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic