> > Q1: > > === > > > > If GenericPrincipal isn't available from webapps, is there > another way to > > get at the complete list of roles for a given user and their password? > > > > Not from a webapp through a portable API. What you see (isUserInRole()) > is what you get. > > However, properly configured web.xml files will have <security-role> > elements for all of the role names that are referenced by that webapp, so > you might try reading them (by parsing /WEB-INF/web.xml) and trying all of > those names through isUserInRole(). Of course, that doesn't help you if > the webapp doesn't define them all ...
... or if the set of all roles is dynamic, a shortfall of the declarative servlet security API. > > I need the complete list of roles for the current user and password to > > implement a connector from Cocoon authentication to the container > > authentication. > > > > It's not at all clear to me that every possible Realm implementation will > be able to articulate such a list -- or that the list won't change over > time. For example, it's perfectly feasible to implement a Realm that says > "user Joe has this role, but only from 8am to 5pm on weekdays". It sounds > like the Cocoon folks might want to do a little more thinking about their > design. I don't know that it's their mistake, I'm just talking about wrapping the GenericPrincipal class. Isn't it true that you can't do that from _any_ webapp, much less Cocoon. E.g. given any of the current Tomcat Realms, how could you do your 'Joe' example? Thanks, Per P.s. I know you spend a huge amount of time helping people on this and other lists, so I hesitate to ask again but... Is the implementation of JAASRealm in 4.1 backwards compatible to 4.0.4? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
