Hi all,
On my current project I am using JAAS to implement the security on Glassfish. There is a specific requirement that I am struggling with, mostly because I do not know how to get my hands on the LoginContext from a JSF bean.
The EJBs are protected via the @RolesRequired annotation, but my problem is that the user's groups can change after he has been authenticated. After authenticating, the user is pointed to a page where he needs to select a client. The selection of the client will determine which of his groups come into play. The groups linked to other clients must not come into play.
The groups are a collection of permissions/roles.
My idea was to add/remove the required permissions/roles from the JSF bean by accessing the Subject. I am trying to access the Subject from the LoginContext. Is this possible, will it work, and how would I get easy access to the Subject, or is there a better way?
Thanks for any help.
[Message sent by forum member 'drfranknfurter' (drfranknfurter)]
http://forums.java.net/jive/thread.jspa?messageID=293150