I analyse my problem to authentificate without the login_module in more detail. My solution works fine (see prior messages) but I have no access to the user associated roles with the method isUserInRol(). The problem is that I allow an external component to executes the authentification and the security valve will see a subject allready. If a subject is given, this valve will not set the principal with the usermanager.
My question is how to set a new subject for the first requst to create a new session with the given principal from the external authentifcator? What is the best way because I don't want to create a new session for every request! mg --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
