Can a user be assigned more than one role in Java EE/Java? Like a user can be administrator and reporting-user at the same time. Both user roles can access the same resources but the admin can also access admin pages.
Asked
Active
Viewed 420 times
1
Arjan Tijms
- 37,782
- 12
- 108
- 140
Muhammad Imran Tariq
- 22,654
- 47
- 125
- 190
2 Answers
1
Yes, the roles can overlap in Java EE. You can dictate this by providing different realms for the same user that lets a user access different roles at once. The procedure for creating this varies according to the application server that you are using, but the basic concept behind this authentication remains the same.
Arjan Tijms
- 37,782
- 12
- 108
- 140
Sumit Bisht
- 1,507
- 1
- 16
- 31
1
Yes, a user (caller principal) in Java EE can have zero, one or more roles. There is no need for multiple realms/auth modules/zones or whatever the proprietary terminology a specific server uses.
Specifically, something like HttpServletRequest#isUserInRole can return true for roles 'foo' and 'bar' for the same user.
Arjan Tijms
- 37,782
- 12
- 108
- 140