On Thu, 22 Mar 2001, Manish wrote:
> Also can someone explain me when my authentication is successful using
> JDBCRealm , how do I get the role information, cause only two attributes
> are set for the session (username and password). Do I have to go back in
> the roles table to get the role info or they are stored in someway in
> the session.
>
This answer is late, but I'm assuming "better late than never" ...
If a user has been successfully authenticated, then you can access role
information in one of two ways:
* You can define a security constraint that requires a certain role
before the request URI will be processed for this user. If the user
tries to access a prohibited page, they will receive a 501 error
("forbidden").
* You can programmatically ask if the currently authenticated user
has a certain role by saying something like:
if (request.isUserInRole("manager")) {
... this user is a manager ...
}
The JDBCRealm implementation takes care of reading the required
information from the roles table in the database for you. There is
nothing your application needs to worry about for this.
> TIA
>
> --
> Manish Poddar
> Paycom.net
> 310-827-5880 x 327
> 818-415-7447 (m)
>
>
Craig McClanahan
