Hi Laird;
and thanks very much for your thoughts on that... :
Am Thu, 28 Apr 2011 06:29:06 -0700 (PDT)
schrieb ljnelson <ljnelson_at_gmail.com>:
> The "proper" way to do it is to set up a JACC provider. It is a
> woefully underdocumented pain in the neck, but that's the facility
> that the Java EE stack provides to bind a @RolesAllowed check to a
> java.security.Policy, which can serve as the front end to your
> obscure glue code.
Aaah. Looking at our earlier trips to JAAS / JACC world, I already
feared it would boil down to doing this kind and amount of work. Oh
well... :)
> Start the whole JACC mess with implementing a java.security.Policy.
> You'll want to override the implies() method. Once you've got that,
> then start reading about JACC.
I'll have a look at it and see how far I get, following this road.
Hope I'll not end up learning that implementing a custom apache2
authentication module is the more sane thing to do... ;)
Thanks anyway for your help, all the best.
Kristian