--- /dev/null
+ // https://blogs.oracle.com/monzillo/entry/using_jacc_to_determine_a
+
+ Subject subject = (Subject) PolicyContext
+ .getContext("javax.security.auth.Subject.container");
+ CodeSource cs = new CodeSource(null,
+ (java.security.cert.Certificate[]) null);
+ Principal principals[] = (subject == null ? new Principal[0] : subject
+ .getPrincipals().toArray(new Principal[0]));
+ for (Principal principal : principals) {
+ System.out
+ .println(principal + " " + principal.getClass().getName());
+ }
+
+ ProtectionDomain pd = new ProtectionDomain(cs, null, null, principals);
+ Policy policy = Policy.getPolicy();
+ PermissionCollection pc = policy.getPermissions(pd);
+ pc.implies(new WebRoleRefPermission(null, null));
+ Set<String> roleSet = new HashSet<String>();
+ Enumeration<Permission> e = pc.elements();
+ while (e.hasMoreElements()) {
+ Permission p = e.nextElement();
+ if (p instanceof WebRoleRefPermission) {
+ String roleRef = p.getActions();
+ // confirm roleRef via isUserInRole to ensure proper scoping to
+ // Servlet Name
+ // if (request.isUserInRole(roleRef)) {
+ roleSet.add(p.getActions());
+ System.out.println("Role actions: " + p.getActions());
+ System.out.println("Role name: " + p.getName());
+ // }
+ }
+ }
+ System.out.println("Roles in the context of this page: " + roleSet);
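Review bot: The `request.isUserInRole(roleRef)` guard around `roleSet.add(...)` is commented out, so every `WebRoleRefPermission` the policy grants to these principals lands in `roleSet`, including role references mapped for other servlets; the in-code comment itself says this check is what scopes the result to the servlet name. If `roleSet` is ever used for an access decision or presented as the roles for this page, restore the guard and reuse the currently unused local: `if (request.isUserInRole(roleRef)) { roleSet.add(roleRef); }` (no `request` object is visible in this hunk, so it is assumed to be in scope). The `System.out.println` calls write principal names, principal classes and role names to standard output on every call; route them through the application's logger at debug level or drop them. The discarded `pc.implies(new WebRoleRefPermission(null, null))` needs a comment such as `// forces the policy provider to load permissions before elements() is read` if that is its purpose (presumably it is), and it should be confirmed that the provider tolerates a null name and null actions. The enclosing method is not part of the hunk, so handling of the `PolicyContextException` declared by `PolicyContext.getContext` cannot be checked here.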