> Am I missing something? I have a working version of an AuthInterceptor, but > still no examples on how to control isUserInRole().
To control the isUserInRole() you will have to look at your Servlet container and customise the AuthInterceptor to interact with your container's implementation of JAAS. The obvious question is why don't you use JAAS to populate the roles on login? The reason we don't is that we have a complex authorisation hierarchy that was just too complex for JAAS alone. It sounds like you don't need that level of complexity. I'd go for just straight JAAS. Have a look at the free JAAS in Action book (http://www.jaasbook.com/) I found it really useful. Z. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
