request.isUserInRole()
Jonathon Lee
page. If I first invoke
a servlet and forward the request to the jsp page the isUserInRole method
returns
the correct value for the currently authenticated user. But if I try
opening the jsp page directly
it invariably returns false. I looked at the access log and verified that
correct user principle is listed
for both requests.
I have the following section defined in my web.xml to declare the role
<servlet>
<servlet-name>AdminPage</servlet-name>
<jsp-file>/admin.jsp</jsp-file>
<security-role-ref>
<role-name>admin</role-name>
<role-link>managers</role-link>
</security-role-ref>
</servlet>
Is there something else I'm missing? why would the method work when
forwarding from a servlet?
Marko Milicevic
(admin) to your principals (eg. user bob and group foobar are mapped to role
admins)? I have been trying to get this question answered from the servlet
newsgroup.
Thanks Jonathon.
Marko.
.
Jonathon Lee <le...@zilliant.com> wrote in message
news:8ff26i$mqk$1...@newsgroups.bea.com...
Jonathon Lee
you should have a section in your web.xml with:
<security-role>
<role-name>managers</role-name>
</security-role>
and then you use either the deployer tool or weblogic.xml to map
that role to real princples like this :
<security-role-assignment>
<role-name>managers</role-name>
<principal-name>bob</principal-name>
<principal-name>foobar</principal-name>
</security-role-assignment>
this is basically how it works with ejb and you'd think it would be the
same,
but I've noticed that it only seems to work correctly if the role name is
the same
as the principle-name.
Marko Milicevic <mmili...@isolutionscorp.com> wrote in message
news:8fh52d$n7l$1...@newsgroups.bea.com...
Marko Milicevic
Thanks for the info Jonathon.
Marko.
.
Jonathon Lee <le...@zilliant.com> wrote in message
news:8fhis8$1be$1...@newsgroups.bea.com...