Win a copy of Pro Spring MVC with WebFlux: Web Development in Spring Framework 5 and Spring Boot 2 this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Jeanne Boyarsky
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Bear Bibeault
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:
  • Frits Walraven
  • Himai Minh

isUserInRole() not working

 
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Everyone
I am trying to use isuserInRole() of HttpServletRequest interface using "declarative side of programmatic security" methodology.
I have done the need full in the tomcat-user.xml file.
I think my web.xml is wrong...Please have a look at it and let me know where i am going wrong.
"manager" is the one i have given as a argument of isUserInRole method in my servlet.
 
Ranch Hand
Posts: 334
2
Netbeans IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Tarun,

I haven't used this particular feature but I suspect the issue may be in the tomcat-users.xml file. Can you log in as the user in the role you want?

Joe
 
Ranch Hand
Posts: 228
Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
web.xml seems all right. Can you please show us the line of code that you used in tomcat-users.xml for defining "admin" role and the code from "your" Servlet class of doXXX method where you used isUserInRole().
 
Tarun Oohri
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Ishan,
Here are the following files you asked for :

My servlet class

 
Rancher
Posts: 43024
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So... none of the users has the role "manager". In fact, that role isn't even declared.
 
Tarun Oohri
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:So... none of the users has the role "manager". In fact, that role isn't even declared.


No, In the book they have said that the manager role will be mapped to the admin role through
<security-role-ref>
<role-name>manager</role-name>
<role-link>admin</role-link>
</security-role-ref>
 
Tarun Oohri
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tarun Oohri wrote:

Ulf Dittmer wrote:So... none of the users has the role "manager". In fact, that role isn't even declared.


No, In the book they have said that the manager role will be mapped to the admin role through
<security-role-ref>
<role-name>manager</role-name>
<role-link>admin</role-link>
</security-role-ref>


At the moment , an error is coming on <security-role-ref> stating :

cvc-complex-type.2.4.a: Invalid content was found starting with element 'security-role-ref'. One of '{"http://java.sun.com/xml/ns/javaee":description, "http://java.sun.com/xml/ns/
javaee":display-name, "http://java.sun.com/xml/ns/javaee":icon, "http://java.sun.com/xml/ns/javaee":servlet-name}' is expected.
 
Ulf Dittmer
Rancher
Posts: 43024
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sorry, I missed that. But you're not defining a security-constraint in the web.xml. security-role-ref only defines a mapping of roles, it does not cause that role to be required for anything.
 
Ulf Dittmer
Rancher
Posts: 43024
76
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

cvc-complex-type.2.4.a: Invalid content was found starting with element 'security-role-ref'. One of '{"http://java.sun.com/xml/ns/javaee":description, "http://java.sun.com/xml/ns/javaee":display-name, "http://java.sun.com/xml/ns/javaee":icon, "http://java.sun.com/xml/ns/javaee":servlet-name}' is expected.


Put the security-role-ref element after the servlet-name and servlet-class elements.
 
Tarun Oohri
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:Sorry, I missed that. But you're not defining a security-constraint in the web.xml. security-role-ref only defines a mapping of roles, it does not cause that role to be required for anything.


That error gone now will try adding security-constraint in web.xml and will let you know...
Thanks for the heads up...cheers!!!
 
It looks like it's time for me to write you a reality check! Or maybe a tiny ad!
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic