Hey guys, I am in the process of developing a J2EE software that requires Security via authentication and user roles. I found JBossSX to a good way to start off implementating this Security. However, I also have a requirement that roles can be altered at any time (new roles can be added, access restrictions for current roles can be changed etc...) after deployment. I wanted to get some ideas on how I can acheive this using the JAAS and JBossSX infrastructures since most of it is done throught XML files (ejb-jar.xml, jboss.xml etc...) I figure that im going to have to regenerate these XML files on the fly and then hot deploy them to the JBoss server so as to not affect connectivity to the server. However, I have no clear idea of how I am going to implement this functionality. I'm sure someone somewhere has probably done something along these lines so I would appreciate it if anyone could give me some pointers.

Thanks a lot,
Ison Udoka.