However, it can also refer to the value of the role-name subelement of the
security-role-ref element.
The security-role-ref is a subelement of servlet, which provides an alias
for a security role name that appears in the list of security role names under the
security-role element. For instance, suppose you acquired a precompiled
third-party servlet that was written to call request.isUserInRole("boss").
However, in your Web application you??™ve declared and have been using "manager"
to refer to the same concept. The following would permit the third-party servlet to
use "boss" to refer to the "manager" role declared in your Web app.
boss
manager
manager
2.11 Controlling Session Timeouts
If a session has not been accessed for a certain period of time, the server can throw it
away to save memory. You can explicitly set the timeout for individual session objects
by using the setMaxInactiveInterval method of HttpSession. If you do not
use this method, the default timeout is server specific. However, the session-
config and session-timeout elements can be used to give an explicit
timeout that will apply on all servers. The units are minutes, so the following example
sets the default session timeout to three hours (180 minutes).
Pages:
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125