There is a limit in the maximum length of Java EE security roles names ( for example one of the names used in the @DeclareRoles and @RolesAllowed annotations) ?
I would like to have some references to standards or RFC that possibly puts a limit (or not ) in the length security roles names? Is the same for Java EE 5, Java EE 6, Java EE 7 ?
There are no constraints in the spec. This is not explicitly said, but the absence of explicit constraint makes it like there are none.
Note that specific implementations like Wildfly, Weblogic, Glassfish, etc. might have constraints. You should check with your AS.
Doing a little research I found that the maximum value of an array in java is determined by Integer.MAX_VALUE - 4 wherein MAX_VALUE is 2 ^ 31-1.
You can take a look at the following response in SO: Do Java arrays Have a maximum size?
Source: https://docs.oracle.com/javase/7/docs/api/java/lang/Integer.html
