March 2008
Intermediate to advanced
911 pages
20h 31m
English
The most common form of authorization in servlets is for the container to determine whether a specific servlet—and the invoking HTTP request method—can be called by a user who has been assigned a certain security “role”. So the first step is to map the roles in the vendor-specific “users” file to roles established in the Deployment Descriptor.

VENDOR-SPECIFIC:
The <role> element in tomcat-users.xml

The deployer creates <role-name> elements in the DD, so that the Container can map roles to users.
Read now
Unlock full access