I've been using JSecurity for a few months now and I really like it. So far, I've just added it to my existing (home grown) user management system, but I'm evaluating replacing my home grown stuff with the JSecurityFilter web stuff. I'm looking at the sample web app, but I don't see where authentication actually happens. Is the expected behavior to subclass DefaultWebSecurityManager and pass in a Realm to do authentication, then specify it with the "securityManager" config parameter on JSecurityFilter? Or is there another way to specify a realm?
Thanks, Erik
