web.xml and security


Web tier: servlets, JSP, Web frameworks: web.xml and security

  1. web.xml and security (1 messages)

    Below is the security declaration from my web.xml


    No was soon as the user login, i authenticate the user, and he is a valid user, now i want the user to access "ManagerApplication", so how do the web application know that the user role is "manager" ? Do i need to put that "role" into session ? if i should then what should session variable name?

    Any help is appreciated, thanks
  2. web.xml and security[ Go to top ]

    Access control is the responsibilty of the web container, you just have to make sure that when a user logs in, he becomes a member of a Group named "manager". This might include changing some container-specific descriptors (like weblogic.xml in WebLogic), adding something to your database or security-realted classes.

    Users without this authorization will be thrown to a login page whenever they try to access a forbidden URL.