java 为什么我在 web.xml 中列出 jdbcRealm 数据库中的安全角色?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15223318/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Why do I list security roles in web.xml when they're in jdbcRealm database?
提问by karolkpl
I run JavaEE 6 web application on Glassfish 3. I use JAAS with jdbcRealm and default principal to role mapping. In my database I have table for mapping usernames to their roles:
我在 Glassfish 3 上运行 JavaEE 6 Web 应用程序。我将 JAAS 与 jdbcRealm 和默认主体用于角色映射。在我的数据库中,我有用于将用户名映射到其角色的表:
username | role
----------+-------
john | admin
mary | user
Why do I need to list these roles once again in my web.xml?
为什么我需要在我的web.xml?
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
Without that isUserInRole()always returns false.
没有那个isUserInRole()总是返回false。
采纳答案by Jacek Laskowski
You don't redefine security roles in web.xml. You list them so an application server knows about their use in your code.
您不会在web.xml. 您列出它们,以便应用程序服务器知道它们在您的代码中的使用。
When you deploy a secured application, an application server reads a deployment descriptor to solicit information about security configuration. It knows about roles that are used in your application. The application can then use the roles and expect the application server is able to map them to users and groups (that ultimately resolve to users again as users are the security finest building blocks).
部署安全应用程序时,应用程序服务器会读取部署描述符以请求有关安全配置的信息。它知道您的应用程序中使用的角色。然后应用程序可以使用角色并期望应用程序服务器能够将它们映射到用户和组(最终再次解析为用户,因为用户是安全性最好的构建块)。
Speaking of mapping roles to users, that's where a realm comes in. It offers the mapping so you know that a role X in a deployment descriptor maps to the role X in a database that in turn map to users A and B.
说到将角色映射到用户,这就是领域的用武之地。它提供了映射,因此您知道部署描述符中的角色 X 映射到数据库中的角色 X,而数据库中的角色 X 又映射到用户 A 和 B。
With that said, the database that's used by jdbcRealm has exactly the same roles because they're the keys to users that the application server needs to map to roles in the application.
话虽如此,jdbcRealm 使用的数据库具有完全相同的角色,因为它们是应用程序服务器需要映射到应用程序角色的用户的关键。
What you use in your code and a deployment descriptor is a logical name of a group of users that are resolved to real users via the mapping that's offered by the jdbcRealm.
您在代码和部署描述符中使用的是一组用户的逻辑名称,这些用户通过 jdbcRealm 提供的映射解析为真实用户。
