Re: Principal User, UserInRole, isSecure

Tue, 26 Sep 2000 19:05:20 -0700 

sun_king wrote:

> just saw the following in Jason Hunter's
> http://www.javaworld.com/javaworld/jw-10-1999/jw-10-servletapi_p.html:
>
>   out.println("The current user is: " + req.getUserPrincipal());
>   out.println("Is the user a Manager? " + req.isUserInRole("Manager"));
>   out.println("Is our connection secure? " + req.isSecure());
>
> how do you set the UserPrincipal(), set one or more roles
> (.isUserInRole("Manager")) and set a page as secure?
> any short examples?
>

You (that is, the servlet developer) do not set these things -- your servlet
container sets them for you.

For the 2.2 or later version of the servlet API, you get to declare in your web.xml
file (using a <security-constraint> element) the portions of the address space in
your web app that you want protected, and what "roles" that authenticated users
must possess in order to access the restricted areas.  Also, you declare with a
<login-config> element which approach to login authentication is done.

How you configure your servlet container for security is specific to each
container.  For example, in Tomcat the default security setup uses a simple XML
file ($TOMCAT-HOME/conf/tomcat-users.xml) to identify all valid users and the roles
they possess, but this can be customized in the server configuration.

For more information, I would start with the Servlet API Specification, version
2.2, available at <http://java.sun.com/products/servlet/download.htlm>.

>
> thanx ahead of time
> jf
>

Craig McClanahan

====================
See you at ApacheCon Europe <http://www.apachecon.com>!
Session VS01 (23-Oct 13h00-17h00):  Sun Technical Briefing
Session T06  (24-Oct 14h00-15h00):  Migrating Apache JServ
                                    Applications to Tomcat

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

Reply via email to