How to get list of roles for authenticated user?

[Techie]

Thought HttpRequest would have something like getUserRoles() or
something, but no go. What gives w/ the Javax API? Why no
getUsesrRoles()? What am I missing? How do I get a list of roles that
an authenticated user (Principal, whatever) has access to?

Danke.

 

[Sudsy]

Thought HttpRequest would have something like getUserRoles() or
something, but no go. What gives w/ the Javax API? Why no
getUsesrRoles()? What am I missing? How do I get a list of roles that
an authenticated user (Principal, whatever) has access to?

see javax.servlet.http.HttpServletRequest#isUserInRole and
javax.servlet.http.HttpServletRequest#getUserPrincipal.

 

[Techie]

I know about those, but what I want to be able to do is get a list of
all the roles for a given authenticated user. Doesn't seem like that
is possible from the servlet API's. Kinda want to know how people are
working around it, and maybe why it wasn't in the API. I mean, if you
can ask a user if he belongs to a role, why not be able to get a list
of those roles instead of asking isUserInRole(x), isUserInRole(y),
isUserInRole(37), isUserInRole(38), etc.?

May just be the funkiness of my authentication/authorization scheme.
We're using Tomcat, but have two separate web apps, and not enough dev
db connections to get from one of the web apps to one of the db
schemas. So, we were hoping the HttpServletRequest could provide us
with a list of the roles for a particular user.

Also, trying to figure out how web.xml roles tie into roles defined
through the Realm stuff with Tomcat, which we're using. Any
easy-to-understand docs?