I'm implementing a JAAS login mechanism in my app, not as a Realm but via Struts Action classes.
In my loginModule, I am creating the Subject with principals and credentials and want to store role information. Where does Tomcat expect a list of roles to be in the Subject? I Haven't been able to figure this out. I want to make sure that in the future I can use features that check request.isUserInRole(roleName). Also, within the session object, should the Subject be cached under 'subject_key'? I found this somewhere but am unsure about it. Thanks, Alan