First, thanks to Craig for his explanations.

I had missed that we can use the role link in JSP, so, as you said, I can 
in fact use only the web.xml to link the roles to real users/groups or 
roles in my deployment system.

My point is that, reading the specification again, this is not made very 
clear. The deployer of the web application should only look at the 
<security-role>, and not care about the <security-role-ref>.

Example
Suppose I again have the role AdminRole in my WebApp. In one production system I mapped 
this to the "system role" root. In the web.xml we have something like:

...
<security-role-ref>
  <role-name>AdminRole</role-name>
  <role-link>root</role-link>
</security-role-ref>
...
<security-role>
  <role-name>root</role-name>
</security-role>
...

If I want to port this to another system, and map role AdminRole to 
"system role" Administrator, I have to map not only <security-role> but 
also <security-role-ref>. It would be a lot simpler if the deployer (even 
with tools) only had to map the security-role in the WebApp (this 
applies also to EJBs, RARs, etc.) and did not have to take care of security-role-ref.

Note: I can live with this implementation of Tomcat (I think JRun 4 also 
uses the same approach), and know I can easily port my WebApplications 
to a production system using Tomcat.

-- 
Bruno Antunes,
Java Software Engineer

email: mailto:[EMAIL PROTECTED]
Phone: +351.21.7994200
Fax  : +351.21.7994242

WhatEverSoft - Java Center
Centro de Competencia Java
Praca de Alvalade, 6 - Piso 4
1700-036 Lisboa - Portugal
URL: http://www.whatevernet.com
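
The porting problem described in this message, as an added example (not part of the original e-mail and not Tomcat's code): a deployment-time check that follows each <role-link> and reports links that name no declared <security-role>. The web.xml content, servlet name and class are constructed for illustration; the fallback for role names without a matching <security-role-ref> assumes a Servlet 2.4 or later container.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the deployer renamed <security-role> to Administrator
# but left the servlet's <role-link> pointing at the old name "root".
WEB_XML = """<web-app>
  <servlet>
    <servlet-name>admin</servlet-name>
    <servlet-class>example.AdminServlet</servlet-class>
    <security-role-ref>
      <role-name>AdminRole</role-name>
      <role-link>root</role-link>
    </security-role-ref>
  </servlet>
  <security-role>
    <role-name>Administrator</role-name>
  </security-role>
</web-app>"""

def load_roles(xml_text):
    """Return (declared security roles, {servlet: {role-name: role-link}})."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # ignore an XML namespace if one is used
    declared = {r.findtext("role-name", "").strip()
                for r in root.findall("security-role")}
    refs = {}
    for servlet in root.findall("servlet"):
        name = servlet.findtext("servlet-name", "").strip()
        refs[name] = {
            ref.findtext("role-name", "").strip(): (ref.findtext("role-link") or "").strip()
            for ref in servlet.findall("security-role-ref")
        }
    return declared, refs

def resolve(servlet, role, declared, refs):
    """Role that isUserInRole(role) is checked against, or None if undeclared."""
    link = refs.get(servlet, {}).get(role)
    # Assumption (Servlet 2.4+): with no matching ref, the name is checked directly.
    target = link if link else role
    return target if target in declared else None

def dangling_links(declared, refs):
    """(servlet, role-name, role-link) triples whose link names no <security-role>."""
    return sorted((s, n, l) for s, m in refs.items()
                  for n, l in m.items() if l and l not in declared)
```

Running dangling_links over a ported web.xml before deployment shows every <security-role-ref> the deployer still has to update.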