On Mon, 12 Aug 2002, Per Kreipke wrote:

> Date: Mon, 12 Aug 2002 12:38:12 -0400
> From: Per Kreipke <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [Q] Realms, Principals, et al...
>
> I have a couple of security questions:
>
> Q1:
> ===
>
> If GenericPrincipal isn't available from webapps, is there another way to
> get at the complete list of roles for a given user and their password?
>

Not from a webapp through a portable API.  What you see (isUserInRole())
is what you get.

However, properly configured web.xml files will have <security-role>
elements for all of the role names that are referenced by that webapp, so
you might try reading them (by parsing /WEB-INF/web.xml) and trying all of
those names through isUserInRole().  Of course, that doesn't help you if
the webapp doesn't define them all ...

> I need the complete list of roles for the current user and password to
> implement a connector from Cocoon authentication to the container
> authentication.
>

It's not at all clear to me that every possible Realm implementation will
be able to articulate such a list -- or that the list won't change over
time.  For example, it's perfectly feasible to implement a Realm that says
"user Joe has this role, but only from 8am to 5pm on weekdays".  It sounds
like the Cocoon folks might want to do a little more thinking about their
design.

Craig
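
The approach suggested in the reply above (read the `<security-role>` names out of `/WEB-INF/web.xml`, then try each through `isUserInRole()`), as an added example that is not part of the original message. The class and method names are hypothetical, the descriptor is a constructed sample, and a `Predicate<String>` stands in for `request::isUserInRole` so the code runs outside a container.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import java.util.TreeSet;
import java.util.function.Predicate;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class DeclaredRoleProbe {

    // Collect every <security-role><role-name> declared in a web.xml stream.
    static Set<String> declaredRoles(InputStream webXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // web.xml may carry a DOCTYPE; do not fetch the DTD or expand external entities.
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        NodeList roles = f.newDocumentBuilder().parse(webXml).getElementsByTagName("security-role");
        Set<String> names = new TreeSet<>();
        for (int i = 0; i < roles.getLength(); i++) {
            NodeList rn = ((Element) roles.item(i)).getElementsByTagName("role-name");
            if (rn.getLength() > 0) names.add(rn.item(0).getTextContent().trim());
        }
        return names;
    }

    // Keep only the declared roles the container confirms for the current user.
    static Set<String> rolesOfCurrentUser(Set<String> declared, Predicate<String> isUserInRole) {
        Set<String> held = new TreeSet<>();
        for (String r : declared) if (isUserInRole.test(r)) held.add(r);
        return held;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample descriptor; in a webapp use
        // servletContext.getResourceAsStream("/WEB-INF/web.xml").
        String xml = "<web-app>"
            + "<security-role><role-name>admin</role-name></security-role>"
            + "<security-role><role-name>editor</role-name></security-role>"
            + "<security-role><role-name>viewer</role-name></security-role>"
            + "</web-app>";
        Set<String> declared = declaredRoles(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        // Stand-in for request::isUserInRole (constructed: this user holds editor and viewer).
        Predicate<String> container = Set.of("editor", "viewer")::contains;
        System.out.println(rolesOfCurrentUser(declared, container));
    }
}
```

The result covers only roles the descriptor declares and reflects the Realm's answer at the moment of the call, so it should be recomputed per request rather than cached as the user's role list.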

