Hi,
The problem, as I see it, is that what you are doing is a "snapshot" of the directory (as you know it).
The problems of this solution are huge:
- How do you catch changes in the directory, that you may not even be aware of. The Directory Server is one of the most central service in an enterprise infrastructure and you are not the only one creating new groups or removing obsolete ones
- How do you know you have mapped all the groups of the entire tree (not to speak of groups in groups or link references)
I think the only way is to change the sun-web.xml and sun-ejb.xml and do a wildcard (like the transaction wildcard) or create a "special tag" "anonymous" or/and "all" to cover the cases of removing the authentication and/or removing the authorisation
greets
jeremie
[Message sent by forum member 'granat' (granat)]
http://forums.java.net/jive/thread.jspa?messageID=242364