It seems strange that all roles returned by the JNDIRealm’s getRoles() include distinct names EXCEPT the nested roles (only the common names of nested roles are returned). My first reaction is that this is a bug that needs to be fixed, but if it is not a bug, it would be nice to be able to control whether or not roles are displayed with their distinct names (e.g. with a parameter in server.xml).
We need the fully qualified name so we can work with the role hierarchy (if I am in a parent role, I need access to areas assigned explicitly to the roles of descendants). We have made a change to account for this in the JNDIRealm class. What would we have to do to have this considered for inclusion in the next version of Tomcat?