Create a security-role-ref element with the role-name field.
If a security-role-ref element is not created during development, make
sure it is created during the assembly stage. When the isUserInRole method
is used, declare a security-role-ref element in the deployment descriptor
with a role-name subelement containing the role name that is passed to this
method. Because actual roles are created during the assembly stage of the
application, you can use a logical role as the role name and provide enough
hints to the assembler in the description of the security-role-ref element
to link that role to the actual role. During assembly, the assembler creates
a role-link subelement to link the role name to the actual role. Creation
of a security-role-ref element is possible if an assembly tool such as Rational
Application Developer (RAD) is used. You also can create the security-role-ref
element during the assembly stage using an assembly tool.
After development, a security-role-ref element can be created, as this
example shows:
<security-role-ref>
<description>Provide hints to assembler for linking this role
name to an actual role here</description>
<role-name>Mgr</role-name>
</security-role-ref>
The preceding example is required to secure an application programmatically.
This action is particularly useful when a Web application needs to access
external resources and wants to control the access to external resources
using its own authorization table (external-resource to remote-user mapping).
In this case, use the getUserPrincipal or the getRemoteUser method to get
the remote user; the application can then consult its own authorization
table to perform authorization. The remote user information also can help
retrieve the corresponding user information from an external source such as
a database or from an enterprise bean. You can use the isUserInRole method
in a similar way.
During assembly, the assembler creates a role-link element:
<security-role-ref>
<description>Hints provided by developer to map the role
name to the role-link</description>
<role-name>Mgr</role-name>
<role-link>Manager</role-link>
</security-role-ref>