Thanks Ron!
> although it would help if you can describe how the application would know how to handle roles that it didn't know about at the time it was developed?
My JEE application reads reports from a file system, which were written there by another application. Our security policy implies that a user has to be a member of a group with a name which is the same as a folder name in the file system.
So the idea is that the reporting guys could simply create a new role by adding a folder to the file system and a group to the LDAP server.
I know that this is quite a strange architecture but integration isn't always an easy thing :-)
[Message sent by forum member 'realsnowbird' (realsnowbird)]
http://forums.java.net/jive/thread.jspa?messageID=293689
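
The folder-equals-group policy described in the post above, as an added example that is not part of the original post or the poster's application. It assumes the user's LDAP group names have already been resolved into a set; the report root `/srv/reports`, the class name and the sample groups and paths are hypothetical.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;

public class ReportAccessCheck {
    // Hypothetical report root; the post does not name the real directory.
    static final Path REPORT_ROOT =
            Paths.get("/srv/reports").toAbsolutePath().normalize();

    /**
     * Allows access only when the requested file lies inside a first-level
     * folder of REPORT_ROOT whose name equals one of the user's group names.
     * New folders and groups are picked up without redeploying, because the
     * folder name is derived from the request rather than from a fixed list.
     */
    static boolean mayRead(Set<String> userGroups, String requestedPath) {
        // Collapse "." and ".." segments before any comparison.
        Path resolved = REPORT_ROOT.resolve(requestedPath).normalize();

        // Reject absolute paths and traversal that leave the report root.
        if (!resolved.startsWith(REPORT_ROOT)) {
            return false;
        }
        Path relative = REPORT_ROOT.relativize(resolved);

        // Require at least <folder>/<file>; the root and bare folders are denied.
        if (relative.getNameCount() < 2) {
            return false;
        }
        // Exact, case-sensitive match between folder name and group name.
        // normalize() does not follow symlinks; for files that exist on disk,
        // compare toRealPath() results as well.
        String folder = relative.getName(0).toString();
        return userGroups.contains(folder);
    }

    public static void main(String[] args) {
        // Constructed sample data: groups as they might come back from LDAP.
        Set<String> groups = Set.of("finance", "sales");
        String[] requests = {
            "finance/q1.pdf",            // folder matches a group
            "hr/salaries.pdf",           // no matching group
            "finance/../hr/salaries.pdf", // traversal into another folder
            "../../etc/passwd",          // traversal out of the root
            "finance"                    // folder itself, no file
        };
        for (String r : requests) {
            System.out.println(r + " -> " + mayRead(groups, r));
        }
    }
}
```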