Easy answer ;-)
The Servlet API does not allow you to list existing roles. It only allows you to test whether a user is in a certain role, with isUserInRole(). The Request Security processor depends on this API.
-Erik
Damon Rand wrote:
Hi guys,
Heres another obscure bug report. ;-)
I am trying to display all Tomcat roles with the <request-security/> processor. The docs state:
"The Request Security Generator extracts information about the currently logged user from the HTTP request. Its optional configuration contains a list of roles the application developer is interested in. Only those roles will be listed in the generator's output if the role is present. "
However, on using it (v2.1) I have found that the <config/> element is not optional and that I can't display ALL roles a user has. The following processor returns no roles.
<p:processor uri="oxf/processor/request-security" xmlns:p="http://www.orbeon.com/oxf/pipeline";>
<p:input name="config">
<config>
</config>
</p:input>
<p:output name="data" ref="instance"/>
</p:processor>
But this works as documented.
<p:processor uri="oxf/processor/request-security" xmlns:p="http://www.orbeon.com/oxf/pipeline";>
<p:input name="config">
<config>
<role>admin</role>
<role>manager</role>
</config>
</p:input>
<p:output name="data" ref="instance"/>
</p:processor>
Regards,
Damon.
_______________________________________________ oxf-users mailing list [EMAIL PROTECTED] http://mail.orbeon.com/mailman/listinfo/oxf-users
