// https://blogs.oracle.com/monzillo/entry/using_jacc_to_determine_a

        Subject subject = (Subject) PolicyContext
            .getContext("javax.security.auth.Subject.container");
        CodeSource cs = new CodeSource(null,
            (java.security.cert.Certificate[]) null);
        Principal principals[] = (subject == null ? new Principal[0] : subject
            .getPrincipals().toArray(new Principal[0]));
        for (Principal principal : principals) {
            System.out
                .println(principal + " " + principal.getClass().getName());
        }

        ProtectionDomain pd = new ProtectionDomain(cs, null, null, principals);
        Policy policy = Policy.getPolicy();
        PermissionCollection pc = policy.getPermissions(pd);
        pc.implies(new WebRoleRefPermission(null, null));
        Set<String> roleSet = new HashSet<String>();
        Enumeration<Permission> e = pc.elements();
        while (e.hasMoreElements()) {
            Permission p = e.nextElement();
            if (p instanceof WebRoleRefPermission) {
                String roleRef = p.getActions();
                // confirm roleRef via isUserInRole to ensure proper scoping to
                // Servlet Name
                // if (request.isUserInRole(roleRef)) {
                roleSet.add(p.getActions());
                System.out.println("Role actions: " + p.getActions());
                System.out.println("Role name:    " + p.getName());
                // }
            }
        }
        System.out.println("Roles in the context of this page: " + roleSet);