Hi again, yes, by googling around and evaluating some more, I guess I can do one out of two:
1. Keep this configuration and use programmatic role evaluation in all methods 2. Modify my existing loginmodule and wrap my token into,for instance, the password attribute. and then do request.login(username,<token>) I'll just see whats best. br, hw -- View this message in context: http://openejb.979440.n4.nabble.com/Setting-principal-in-a-filter-tp4668223p4668234.html Sent from the OpenEJB User mailing list archive at Nabble.com.
