I'm implementing a JAAS login mechanism in my app, not as a Realm but
via Struts Action classes.
In my loginModule, I am creating the Subject with principals and credentials and want to store role information. Where does Tomcat expect a list of roles to be in the Subject? I Haven't been able to figure this out. I want to make sure that in the future I can use features that check request.isUserInRole(roleName).
That would be messin' with the container-managed security, which isn't allowed according to the servlet spec. You can't mix & match your own login with the container-managed stuff, unless you're modifying tomcat source code.
Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]