Hi,
In my application an LDAP server is used for authentication. LDAP groups represent roles. Nothing special.
The crucial thing is that groups are added dynamically to the LDAP server and the application has to know about all roles assigned to the authenticated user.
So I've got two questions:
1) Is it possible for an EJB to find all roles for the current user? I could invoke "isCallerInRole" for each role, but unfortunately I don't know the roles at development time.
2) Is there a way to make roles visible to an EJB, even when they haven't been declared with @DeclareRoles or inside a deployment descriptor? I've found the very handy switch "Default Principal To Role Mapping" in the GlassFish configuration, but that just seems to map LDAP groups to declared roles. I still have to declare the role somewhere.
At the moment the only way seems to be querying the LDAP server for the user who has been authenticated by GlassFish. But if there's a way to get the information without another round trip, I'd like to avoid that.
Thank you for any ideas!
[Message sent by forum member 'realsnowbird' (realsnowbird)]
http://forums.java.net/jive/thread.jspa?messageID=292093