Hi,
I can't get the <security-role-ref> to work in Tomcat 4 with the
security JSP.
I have added the following
<%
if (request.isUserInRole("Admin")) {
%>
User is in Admin role
<%
} else {
%>
User is NOT in Admin role
<%
}
%>
to jsp/security/protected/index.jsp in the distribution to Tomcat 4.
As security-role-ref is part of a servlet element of web.xml how do you
specify this with a JSP.
I tried adding the following to web.xml
<servlet>
<servlet-name>
Protected
</servlet-name>
<jsp-file>/jsp/security/protected/index.jsp</jsp-file>
<security-role-ref>
<description>Link between Admin and sysadmin</description>
<role-name>Admin</role-name>
<role-link>Tomcat</role-link>
</security-role-ref>
</servlet>
My user authenticates and is given the role 'Tomcat' but the Realm
hasRole() method is called with 'Admin'.
The code in HttpRequestBase does
public boolean isUserInRole(String role) {
...
if (wrapper != null) {
String realRole = wrapper.findSecurityReference(role);
if ((realRole != null) &&
realm.hasRole(userPrincipal, realRole))
return (true);
}
to map the servlet role to security-role so I guess I have not got
web.xml set up properly.
Any ideas?
Antony
--
Antony Bowesman
Teamware Group
[EMAIL PROTECTED]
phone: +358 9 5128 2562
fax : +358 9 5128 2705
intra / extra / Internet solutions at www.teamware.com
