Hi Arun,
The mapping between user names and roles is left unspecified within 2.2
specification. It is supposed to be container specific so you would have
to learn how to do it in each specific container and then you would have
to redeploy this security part of your application every time you cahnge
containers. Fun, isn't it? A while ago, we had a lengthy discussion over
the security part of the 2.2 spec. and I was told this particular topic
might be covered in the next version of the spec. Meanwhile, every
container is specifying their own mapping mechanism and you start
getting container specific applications. It's not critical because it's
just this part that is container specific, but it's not good anyhow.
Regards,
Dan
-------------------------------------------
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
-------------------------------------------
Arun Thomas wrote:
>
> Hello all,
>
> I've a question about the declarative security structure that becomes
> available
> with Servlet 2.2 & the new Web Application (WAR) concept.
>
> How is the mapping between user-name (possible stored in a database), and
> role
> actually performed? It looks like the server is expected to examine the
> authentication information and somehow magically figure out which user maps
> to
> which role. (Is this a server-specific method that can usually be
> configured when
> initializing the server?)
>
> Thanks for any help.
> -AMT
>
> ���`����,��,����`����,��,����`����,��,����`����,��,����`����,��,����`����,��
> ,��
>
> Arun Mammen Thomas
> Email: [EMAIL PROTECTED]
> Phone: (415) 547-7004
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
