I'm currently trying to access the WebRoleRefPermission using JACC ( https://jcp.org/en/jsr/detail?id=115 ) and I have encountered a problem. The problem is that I do get some permissions but not the WebRoleRefPermission. The way I try to get the permissions is:
Subject subject = PolicyContext.getContext("javax.security.auth.Subject.container")
Set<Principal> subjectPrincipals = subject.getPrincipals()
PermissionCollection permissionCollection = Policy.getPolicy().getPermissions( new ProtectionDomain( new CodeSource(null, (Certificate) null), null, null, subjectPrincipals.toArray(new Principal[subjectPrincipals.size()]) ));
// This seems to be needed to "Resolve any potentially unresolved permissions"
permissionCollection.implies(new WebRoleRefPermission("", "nothing"));
Finally I loop over the elements in the PermissionCollection to locate the WebRoleRefPermission.
The web.xml contains the needed <security-role>, <auth-constraint> and <login-config>, Elytron seems to be configured correctly with JACC enabled and the login stuff works as expected when I access the application. But when an I use the pseudo code above to access the PermissionCollection in a JSP view there's no WebRoleRefPermission instances in it.
The code I use is based on one of the Java EE-7 JACC examples ( https://github.com/javaee-samples/javaee7-samples/blob/master/jacc/contexts/src/main/java/org/javaee7/jacc/contexts/servlet/SubjectServlet.java ).
Anyone have a clue if there's anything else I need to do to get access to the WebRoleRefPermission?