I don't know how to split this into a new thread or I would...,
I wanted to let you know that I've had some initial success writing a very simple jsr196 impl that always asserts the same Principal and Group on the clientSubject.
Even though it is static right now, the group-to-role mapping is working in my sample application so that my "admin" user in the "admin" group can access "admin.jsp" but not "user.jsp"
And... it was even easier than writing a TAI implementation.
Really nice!
The only (very slight) wrinkle is that for some reason calls to request.isUserInRole( "admin" ) return false, even though the role based access is working. Weird...
Side note, putting a space in the name of my provider caused a 500 error with no log messages.
[Message sent by forum member 'brian_of_fortent' (brian_of_fortent)]
http://forums.java.net/jive/thread.jspa?messageID=269341