I am planning to write a security realm to authenticate against our internal security system. This does not seem to be overly difficult. I then plan to use the SingleSignOn valve to propagate security between multiple web applications. Again, that seems straightforward.
Now it starts to get a little tricky. In our security model a user belongs to many roles, but is only acting in one role at a time. Does anyone have any ideas on how to handle this?

I have considered that I will need to prompt the user for the role they are performing, and then store this role somewhere. Ideally I would like to store this single role in the Tomcat Generic Security object for that user. This seems like it would require changing Tomcat code. Not out of the question, but perhaps a little beyond my current abilities.

Alternatively, I could store this role in the user's session. This will work for an individual web application, but the role would not be propagated between web applications like the security object is.

To clarify, this single role is passed on every call to our application server. I could just write our own security system entirely, but I prefer to stick as closely as possible to the J2EE security model (i.e. have the security object propagated to the application server from Tomcat; the single role is extra information that does not seem to be available in the standard model).

Hopefully someone will have some fresh ideas. Thanks for any help.

Geoff Apps
