We are trying to figure out a way to handle realm-based security in a multi-application environement where users and their roles are specified in a DB. Users are stored in one table with password and there is a table for each application definining permissions for the user. I have been looking at the new JAASRealm the Craig put together, but I'm not sure if it's exactly what we need or if it's going overboard. Otherwise we have to represent roles in this manner: [applicationName]:[applicationId]:[role] and have a specialized realm do string parsing to validate roles within an application. Our applications are deployed under a single war to take advantage of a pseudo single sign-on. Any suggestions would be apprechiated, Jacob
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
