1) there are not two phases to authentication. All that you could possibly do is to install a custom place holder java.security.acl.Group that lazily acquired the roles used for authorization.
2) Same as 1, there are not two phases. The security context is created during authentication and there is the possibility to lazily acquire roles given a place holder created during phase1, but since you don't seem to even know the key used to acquire roles, you'll need a placeholder proxy that is updated by a custom interceptor. 3) Yes, you are going to have to associate the roles after the fact outside of the JAAS login phase. This would have to be a custom interaction between the Group you installed during the authentication phase. If you can do this then the existing declarative security mechanism just works. If you cannot then you need to augment authentication with a custom interceptor/filter that manages the authorization checks. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3837760#3837760 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3837760 ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
