Account account = sc.getAuthenticatedAccount();
if (account == null) {
return false;
}
final ServletChain servlet = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getCurrentServlet();
final Set<String> roles = servletContext.getDeployment().getDeploymentInfo().getPrincipalVersusRolesMap().get(account.getPrincipal().getName());
//TODO: a more efficient implementation
for (SecurityRoleRef ref : servlet.getManagedServlet().getServletInfo().getSecurityRoleRefs()) {
if (ref.getRole().equals(role)) {
if (roles != null && roles.contains(ref.getLinkedRole())) {
return true;
}
return account.getRoles().contains(ref.getLinkedRole());