I need to check some permissions inside servlet code. My solution was that i looked up "java:comp/env/security/securityMgr" and test: jsm.doesUserHaveRole(user, role)
it works for me fine in jboss 3.2.4rc1 with tomcat, but it doesn't in jboss 3.2.4rc1 with jetty. The problem was, that getUserRoles(request.getUserPrincipal()) returns null, but if i checked request.isUserInRole (somerole) was true.
I have some thoughts on this problem:
1/ my JbossSecurityMgr "usage pattern" isn't good ;-) 2/ there are some incopatibilities in current jetty ( AFAIK last changes touched mainly abstractWebContainer code, but maybe some modifications in realm are also needed) 3/ jboss realm in jetty doesn't support this type of permission checking at all.