Re: Servlet API: how to obtain the roles list ?
Pierre, There is no way to do this using the servlet API but you could easily store your user and role information in a JDBC user repository and then query that repository for the user data you want. If you need to include the user repository with your webapp, we've used the Hypersonic SQL database. Gary Pierre-Laurent Ribault wrote: Hi, I want to obtain the list of the roles defined in the system from inside my servlet. I know where the roles are defined, and that I can check the user name and isUserInRole from the HttpServletRequest class, but I could not find out a method to list the existing users or roles. Is there such a method in the servlet API ? Pierre-Laurent Ribault [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Gary Gwin CEO and Founder Cafesoft 858.455.1800 x205 http://www.cafesoft.com * * * * The Cafesoft Access Management System, Cams, is security* * software that provides single sign-on authentication and* * centralized access control for Apache, Tomcat, and custom * * resources. * * * * -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Servlet API: how to obtain the roles list ?
On Tue, 24 Dec 2002, Pierre-Laurent Ribault wrote: Date: Tue, 24 Dec 2002 10:48:44 +0900 From: Pierre-Laurent Ribault [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Servlet API: how to obtain the roles list ? Hi, I want to obtain the list of the roles defined in the system from inside my servlet. I know where the roles are defined, and that I can check the user name and isUserInRole from the HttpServletRequest class, but I could not find out a method to list the existing users or roles. Is there such a method in the servlet API ? At best, you'll be able to identify the security roles that *this* web application is interested in, by parsing the /WEB-INF/web.xml resource yourself, looking for security-role elements. It is perfectly reasonable to utilize authentication and authorization schemes (in a servlet container) that are not capable of enumerating all valid users or all valid roles. Therefore, there is no portable servlet API to access such information. Pierre-Laurent Ribault [EMAIL PROTECTED] Craig McClanahan -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]