OK, I've coded my own Principal store based on code from JNDIPrincipalStore
and am setting up a test configuration. I'm a little confused how to setup
domain.xml. First, my store will only handle /users and /roles. Everything
else will be handled by J2EEStore. So, do I setup two separate
Your second example is correct. The securitystore is for controlling
access to the nodes from that store. So in this case it would hold
permissions for who is allowed to view information about your users (or
roles).
You can see an example config in CVS: