Have anyone looked into using a JAAS Subject instead of a Principal in the security tokens used for authorisation in Slide?
As it is right now, the authentication can be delegated to the servlet container, since the principal abstracts away this. It's not the same for role / group membershiop though. Using a Subject instead would allow encoding of the group role membership by adding these as specific principals to the Subject principal set. The only possible problem I can see is that there is no support for retrieving a Subject in a servlet container independent way, as with request.getUserPrincipal(); -- -Torgeir -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
