Yes, I think you are right except for the case when xyz is user.anyone. 107.9.2.2 has a specific exclusion for that case.
The spec uses an unfortunate choice of wording in 107.9.2.2 to indicate what is included in the list of roles. It would be clearer if it used "implied by" instead of "encapsulated by". ben > Gurus! > > The Authorization interface has the methods > getRoles() and hasRole( String > ). > > I interpret that the Roles returned for an > Authorization instance, > includes; > > 1. The User object > 2. The User Groups that the User belongs to. > 3. The Action Groups that contains the User Groups > in 2. > > I conclude that after reviewing the Authorization > example in 107.3.2 and > assuming that > > if auth.hasRole( xyz ) is true, then xyz is part > of the array returned > by auth.getRoles() > > > Am I on the right track here, or got something > totally off the wall. > > > Cheers > Niclas_______________________________________________ > osgi-dev mailing list > osgi-dev@bundles.osgi.org > http://bundles.osgi.org/mailman/listinfo/osgi-dev > > _______________________________________________ osgi-dev mailing list osgi-dev@bundles.osgi.org http://bundles.osgi.org/mailman/listinfo/osgi-dev
