users@glassfish.java.net

Re: Default principal to role mapping problem...

From: <glassfish_at_javadesktop.org>
Date: Tue, 24 Nov 2009 18:56:06 PST

Hi there,

Just out of completeness, the reason why you cannot assert which roles the principal belongs to is due to the fact that you did not declare the roles in use for the application in question using the security-role tag on the web.xml file of your application.

like so:
<security-role>
    <description>An authenticated User</description>
    <role-name>authenticated</role-name>
</security-role>

Even though you cannot see the results on your printout of the isUserInRole(), if you define the application as only being accessible through one of the roles assigned to the specific user, you will see that authorization is being done properly. At least that is what is happening to me right now.

I totally understand that for your scenario it wouldn't be acceptable to have the roles defined on the XML file because you want the roles to be defined dynamically. I have the same problem and I'm stuck at this point right now.

Through testing I know that authorization with the configured realm using the roles assigned through the group-to-role configuration is working, but when I use the previously stated method I just simply cannot see if the user belongs to a role/group or not (because I'm not declaring the security-roles either). Some of my code depends on knowing these groups to work properly.

Can you shine some light as to how you managed to go around this situation?
Thanks loads for your help
Rui
[Message sent by forum member 'syshex' ]

http://forums.java.net/jive/thread.jspa?messageID=373248
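
An added example, not part of the original message and not GlassFish code: a small Python check that lists role names which a web.xml references (in auth-constraint or security-role-ref), or which application code passes to isUserInRole(), but which have no matching security-role declaration. The sample descriptor, its role names and the queried_in_code parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the original post): only
# "authenticated" is declared; "admin" and "manager" are referenced undeclared.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet>
    <servlet-name>report</servlet-name>
    <servlet-class>example.ReportServlet</servlet-class>
    <security-role-ref>
      <role-name>mgr</role-name>
      <role-link>manager</role-link>
    </security-role-ref>
  </servlet>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>authenticated</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>authenticated</role-name>
  </security-role>
</web-app>"""

def local(tag):
    """Strip the XML namespace so the check works across descriptor versions."""
    return tag.rsplit("}", 1)[-1]

def role_names(root, parent, child):
    """Text of every <child> element directly under any <parent> element."""
    return {c.text.strip() for p in root.iter() if local(p.tag) == parent
            for c in p if local(c.tag) == child and c.text}

def undeclared_roles(web_xml, queried_in_code=()):
    """Roles referenced in the descriptor or code without a <security-role>."""
    root = ET.fromstring(web_xml)
    declared = role_names(root, "security-role", "role-name")
    used = role_names(root, "auth-constraint", "role-name")
    used |= role_names(root, "security-role-ref", "role-link")
    used |= set(queried_in_code)  # hypothetical: names passed to isUserInRole()
    used.discard("*")  # "*" in an auth-constraint means all declared roles
    return sorted(used - declared)

if __name__ == "__main__":
    print(undeclared_roles(SAMPLE_WEB_XML, ["auditor"]))
```

Any name this reports is one for which isUserInRole() has no declared security-role to check against.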