Hi,
I need to check some permissions inside servlet code.
My solution was that i looked up "java:comp/env/security/securityMgr"
and test:
jsm.doesUserHaveRole(user, role)
it works for me fine in jboss 3.2.4rc1 with tomcat, but it doesn't in jboss 3.2.4rc1 with jetty. The problem was, that getUserRoles(request.getUserPrincipal()) returns null, but if i checked request.isUserInRole (somerole) was true.
I have some thoughts on this problem:
1/ my JbossSecurityMgr "usage pattern" isn't good ;-)
2/ there are some incopatibilities in current jetty (
AFAIK last changes touched mainly abstractWebContainer code, but maybe some modifications in realm are also needed)
3/ jboss realm in jetty doesn't support this type of permission checking at all.
which one is true ??
best regards,
Michal