> I was thinking more along the lines of an additional filter to add to the > web.xml of the app in question that allowed me to specify a list of users > directly or potentially a resource on the classpath that contained the list.
These are options, yes, but not very scalable. Managing that user list would only be suitable if it's a small app used by a few people that changes infrequently. By leveraging attribute release, on the other hand, you could leverage existing authorization groups in your IDM infrastructure. This would decouple role management from your application, which is a good thing. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
