6

HttpServletRequest isUserInRole() method will return a boolean value based on whether the role is present or not. Now if it is doing that it should have the full role list for the logged in user somewhere. How do I get that full role list?

Deena
  • 2
    *it should have the full role list for the logged in user*: no: it could check that the user has the role by querying an LDAP directory, or a database, or anything else. – JB Nizet Jan 31 '13 at 21:56

1 Answer

2

isUserInRole() uses the request's SecurityContext, which your authenticator needs to set. The SecurityContext interface does not supply a method to allow you to access this information, but you could do something in your authenticator to make the information accessible as a provider, or add it as a request attribute and access it that way.

  • Agreed. It could be that you have a check like "isUserInRole(8)", and the context checks if the user has a lower number. In this scheme, there are an infinite number of roles, so it couldn't be done. – cmonkey Jan 31 '13 at 22:10
  • SecurityContext is an EE-ism. It isn't present in Tomcat or other non-EE servlet containers. He hasn't said anything about EE. – user207421 Jan 31 '13 at 23:39
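
The request-attribute approach from the answer, sketched as a servlet filter. This is an added example, not code from the original post or its authors. It assumes the `javax.servlet` API and container-managed authentication, and because the container exposes no "list all roles" call it probes a fixed set of role names with `isUserInRole()` instead of hooking the container-specific authenticator; the class name, attribute name and role names are hypothetical.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/** Added example: publishes the caller's roles as a read-only request attribute. */
public class RoleListFilter implements Filter {

    /** Hypothetical attribute name that downstream servlets and JSPs read. */
    public static final String ROLES_ATTR = "app.userRoles";

    // Hypothetical role names; assumed to mirror the <security-role> entries in web.xml.
    private static final List<String> KNOWN_ROLES = Arrays.asList("admin", "manager", "user");

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            Set<String> granted = new LinkedHashSet<String>();
            // Unauthenticated callers get an empty set, never a missing attribute.
            if (http.getUserPrincipal() != null) {
                for (String role : KNOWN_ROLES) {
                    // The container decides; it may consult LDAP, a database, etc.
                    if (http.isUserInRole(role)) granted.add(role);
                }
            }
            // Read-only view so later code cannot add roles to the set.
            req.setAttribute(ROLES_ATTR, Collections.unmodifiableSet(granted));
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The attribute is a snapshot for display or logging; code that makes an authorization decision should still call `isUserInRole()` so the container remains the source of truth.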