On Tue, 24 Dec 2002, Pierre-Laurent Ribault wrote:
> Date: Tue, 24 Dec 2002 10:48:44 +0900 > From: Pierre-Laurent Ribault <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Servlet API: how to obtain the roles list ? > > Hi, > > I want to obtain the list of the roles defined in the system from inside > my servlet. I know where the roles are defined, and that I can check > the user name and isUserInRole from the HttpServletRequest class, but I > could not find out a method to list the existing users or roles. Is > there such a method in the servlet API ? At best, you'll be able to identify the security roles that *this* web application is interested in, by parsing the "/WEB-INF/web.xml" resource yourself, looking for <security-role> elements. It is perfectly reasonable to utilize authentication and authorization schemes (in a servlet container) that are not capable of enumerating all valid users or all valid roles. Therefore, there is no portable servlet API to access such information. > > Pierre-Laurent Ribault > [EMAIL PROTECTED] Craig McClanahan -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
