I am currently attempting the sun-web.xml approach [#1]
I have managed to get authorized to get past the web.xml <auth-constraint> entries and view pages. However, when my code makes calls to HttpServletRequest.isUserInRole() it returns false, even though I can navigate to a page with an <auth-constraint> that has the same role assigned. Our navigation system calls isUserInRole() ... this way the user doesn't see icons or links to pages they don't have permission to access.
I'm still confused, please help!
--pw
[Message sent by forum member 'pwardrip' (pwardrip)]
http://forums.java.net/jive/thread.jspa?messageID=321329