O'Reilly logo

Special Edition Using Java™ 2 Enterprise Edition by Mark Wutka

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Checking Security Roles Programmatically

Role-based authentication is nice when you can partition pages based on a role, but you can rarely make this kind of authentication seamless. Suppose, you want to set up pages that can only be run by someone in a manager role. Obviously you can group the pages into a separate Web resource collection and specify a role name of manager in the <auth-config> tag for the collection. The problem is determining where to put the links to the manager-only pages.

If you put them on a page that everyone can access, the nonmanager users might click the link and see an error page. Although this mechanism does secure your application, it doesn't make it pretty.

Tip

A user should never see an error page as part of the ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required