I've read (and understand, but obviously not fully) Ron Monzillo's article
on doing this:
http://blogs.oracle.com/monzillo/entry/using_jacc_to_determine_a
Is there a related recipe for returning all the application role names as
declared in an .ear file's application.xml's <security-role> stanzas?
I have an EJB at the moment that is using Ron's recipe to attempt to
calculate such a list. It is correctly returning any roles that the EJB
happens to mention in a @DeclareRoles annotation; otherwise, it returns
nothing.
Thanks for any pointers; it is of course quite possible that I've missed
something.
My use case is not the usual "how do I dynamically add/change/delete roles",
which of course is not possible in Java EE. It is instead to come up with a
list of such unchanging roles so that my UI developers can put together a
dynamic UI permission screen. Effectively, each role from this list will be
used in a "isUserInRole()" call from elsewhere in the application.
I was hoping that this would work without having to sprinkle otherwise
meaningless and not-needed @DeclareRoles annotations (or their deployment
descriptor equivalents) throughout the code.
I certainly hope such a thing is possible, as otherwise I will be
duplicating work that the container already has to perform.
Best,
Laird