Am Thu, 28 Apr 2011 06:29:06 -0700 (PDT)
schrieb ljnelson <ljnelson_at_gmail.com>:
> Start the whole JACC mess with implementing a java.security.Policy.
> You'll want to override the implies() method. Once you've got that,
> then start reading about JACC.
As another thought, couldn't I somehow make use of JAAS and map JAAS
principals to (application specific) roles for use with @RolesAllowed
in some way? I know dealing with JAAS also is painful at times but at
least it seems less "invasive" than messing with java.security.Policy,
and it seems a bit more well-documented...
Cheers,
Kristian