There are now (at least) 3 different web security managers which could be in use by a web app (JDBC, JNDI, in-memory). How can I tell which one?
I am writing some general support classes to manage users and roles. To support a call like addUser() I need to know which security manager is in use so I can do the right thing. Doing things like checking for tomcat-usrs.xml or a particular security class don't seem adequate. Further, if the class is, say, JDBCRealm, I would like to also get the xml properties for connectionURL, connectionName, connectionPassword, etc. or maybe even the connection itself. It seems like this is something the servlet spec should address. Any suggestions? Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions.
