I'm using the following piece of code in a JSP to get the logged in
user_id:
((Principal) SecurityAssociation.getPrincipal()).getName()
Dont do this!! SecurityAssociation is a JBoss specific class and would
tie your JSPs to JBoss. Even if you don't expect to change application
server there is no reason to do it this way because...
request.getUserPrincipal().getName()
....will work just as well and will work on any platform.
but, how to get the role info
To the best of my knowledge there isn't a standard API call to enumerate
roles for a given user. You can use 'request.isUserInRole("RoleName")
which will return true or false depending on whether the user has the
role specified but this does require that you know which role you are
asking about.
If you require something more, you might want to load the user/role data
from a database (if you aren't already), JBoss provides a LoginModule to
do this. Then you can write your own code that will be something like...
String[] roles = getRolesForUser(username);
....which will query your database and return the result.