Originally posted by Calina Cazangiu:
You need to configure the server. Tomcat, for example, has a config file tomcat-users.xml where you associate a user with a role:
<user name="user1" password="pw1" roles="role1, role2" />
Actually, that's just one of several Security Realms that Tomcat supports. I use the JDBC realm, where the server.xml file points to a JDBC datasource and table info that is used to look up userids and passwords for verification and returns the user's security role.
As David mentioned, there can be a one-to-many mapping on roles, just as there is at the JavaRanch (where the roles are "greenhorn", "ranch hand", "bartender", "sheriff"). So given a role, you can't unconditionally map back to a user.
Now of course, if the app KNOWS that a role is (allegedly) uniquely related to a user, it can be written to manually do a reverse lookup using the security database, but that's not something that you can do universally.
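
The reverse lookup discussed above, as an added example that is not part of the original posts or of Tomcat itself. It runs against an in-memory SQLite database; the `users` / `user_roles` table and column names and all rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema and data; table and column names are assumptions,
# not taken from the thread.
SCHEMA = """
CREATE TABLE users (user_name TEXT PRIMARY KEY, user_pass TEXT NOT NULL);
CREATE TABLE user_roles (
    user_name TEXT NOT NULL REFERENCES users(user_name),
    role_name TEXT NOT NULL,
    PRIMARY KEY (user_name, role_name)
);
"""
SAMPLE_ROLES = [
    ("user1", "greenhorn"),
    ("user2", "greenhorn"),
    ("user2", "bartender"),
    ("user3", "sheriff"),
]


def build_db():
    """Create the in-memory security database with the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    users = sorted({user for user, _ in SAMPLE_ROLES})
    db.executemany(
        "INSERT INTO users VALUES (?, 'placeholder-not-a-real-hash')",
        [(user,) for user in users],
    )
    db.executemany("INSERT INTO user_roles VALUES (?, ?)", SAMPLE_ROLES)
    return db


def roles_for_user(db, user):
    """Forward lookup: the direction a realm resolves after authentication."""
    sql = "SELECT role_name FROM user_roles WHERE user_name = ? ORDER BY role_name"
    return [row[0] for row in db.execute(sql, (user,))]


def user_for_role(db, role):
    """Reverse lookup: return a user only if exactly one holds the role."""
    sql = "SELECT user_name FROM user_roles WHERE role_name = ? ORDER BY user_name"
    rows = db.execute(sql, (role,)).fetchall()
    if len(rows) != 1:
        return None  # zero or several holders: no unambiguous answer
    return rows[0][0]
```

Returning `None` for a shared role keeps the application from silently attributing an action to whichever user happens to come back first.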