On Thu, 27 Feb 2003, Donald Ball wrote:
> Date: Thu, 27 Feb 2003 12:49:40 -0500 > From: Donald Ball <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>, > [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: realm getRole() method ? > > >> There is no such facility in the servlet api. Given a user, there is no > >way > >> to get a list of roles to which the user belongs. I too find this a > >> distressing limitation in using container managed security. > > > >In some complex security scenarios, it is not always possible for a > >container to articulate all possible roles that a user can be a member of. > > I guess, but I don't really actually care about that functionality. I can't > see why it's not desirable to be able to get a list of roles that a user > _does_ belong to. > That is also not feasible (or at least potentially too expensive to be practical) when "role membership" is a calculation, and not a lookup. This is true, for example, when your roles implementation is a rules engine of some sort, rather than a database or directory server. Craig --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]