I am very new to web-app development and its security, and I am trying to understand how things work.
Everywhere I look for how to implement security in my web app, they say to use declarative security. For example, in Tomcat I can declare the roles in the tomcat-user.xml file like the following one.
<tomcat-users>
<user name="tomcat" password="s3cret" roles="manager-gui" />
</tomcat-users>
This part I can understand.
Now suppose I have added some of these roles to my web app, and a user of my web app makes a request for some resource in it. I want to know: how would the container or I know which role the user has made the request with?
Thank you.
Using Tomcat and JSP:
A DataSourceRealm can point to a database containing User and User Role tables, but using UserDatabaseRealm (points to tomcat-users.xml) works fine as well.
If you want to protect all jsp pages in a specific folder, add this to your web.xml
If you want to know if a User has a specific role upon entering a page, you can use
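A declarative constraint of the kind this answer describes, as an added example that is not part of the original answer. The `/secure/*` folder and the realm name are assumptions; `manager-gui` is the role from the question.

```xml
<!-- Added example: fragment for WEB-INF/web.xml, placed inside <web-app>.
     /secure/* and "Example Realm" are assumed names for illustration. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected JSP pages</web-resource-name>
    <!-- Every resource under this folder requires an authenticated user -->
    <url-pattern>/secure/*</url-pattern>
    <!-- No <http-method> elements on purpose: the constraint then covers
         all HTTP methods. Listing only GET and POST would leave the other
         methods unconstrained for the same URLs. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- The container authenticates the user against the configured Realm,
         looks up that user's roles there, and allows the request only if
         one of them matches a role listed here. -->
    <role-name>manager-gui</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Require HTTPS so the credentials are not sent in clear text -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <!-- BASIC makes the browser prompt for credentials; FORM is the usual
       alternative when the application supplies its own login page -->
  <auth-method>BASIC</auth-method>
  <realm-name>Example Realm</realm-name>
</login-config>

<!-- Declares the role name used in the constraint above -->
<security-role>
  <role-name>manager-gui</role-name>
</security-role>
```

Once the container has authenticated the request, a servlet or JSP can ask it about the caller through the standard `HttpServletRequest` methods `getRemoteUser()`, `getUserPrincipal()` and `isUserInRole("manager-gui")`.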