1 Reply Latest reply on May 7, 2005 6:00 AM by julien1

    how do you work around the Slide security framework?

    mazz

      How did you guys work around issues when dealing with Slide's security implementation? [apologies up front - this is probably a question for the slide users list, but since I'm integrating the JBoss Portal CMS and you've probably already come across things like this, I'll take a little liberty here]

      For example, I have a JAAS login module configured - I go to a database to get authentication/authorization information (i.e. users and roles are obtained via JAAS). However, for some reason, Slide still wants me to put the role and user information in the Domain.xml configuration.

      <!-- why is this required here? JAAS defines the users -->
      <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users/john" />
      ...
      <objectnode
       classname="org.apache.slide.structure.SubjectNode"
       uri="/roles/webdav">
      <!-- why do I need this? the webdav role is detected by JAAS -->
      <revision>
       <property name="group-member-set">
       <![CDATA[<D:href xmlns:D='DAV:'>/users/john</D:href>]]>
       </property>
      </revision>
      </objectnode>
      


      If I comment out the "revision" element and below, I get a 403 "Forbidden" error (even though JAAS says I have the webdav role, it sees this in the DB). But if I uncomment that and configure it as above, it works fine. Slide wants me to confirm JAAS in this /roles/webdav "group-member-set" property! It also is forcing me to declare the /user/john user node - even though JAAS sees this user in the DB as well.

      I suppose I can add my user and the roles to Slide via WebDAV, but that's a bit of a pain having to maintain two security databases - the true database that JAAS looks at and the Slide "database" which is simply a CDATA string in the "group-member-set" property that contains the names of all the users in that role and the /user nodes as well.

      Seems to defeat JAAS to me - I was wondering how JBoss Portal handles role-based authorization and what it does wrt this Slide issue?
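
Added example, not part of the original post and not Slide or JBoss Portal code: a sketch that renders the `/users/...` and `/roles/...` nodes shown above from a single list of (user, role) rows, so the role membership has one source, and refuses names that could break out of the CDATA section. The function names, the name pattern, the `<fragment>` wrapper and the sample rows are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

SUBJECT = "org.apache.slide.structure.SubjectNode"
# Assumption: principal names are restricted to this conservative character set.
NAME_OK = re.compile(r"[A-Za-z0-9._-]+")

# Constructed sample: (user, role) rows as they might be read from the JAAS database.
SAMPLE_ROWS = [("john", "webdav"), ("mary", "webdav"), ("mary", "admin")]


def render_fragment(rows):
    """Render user nodes and role nodes with their group-member-set."""
    users, roles = set(), {}
    for user, role in rows:
        for name in (user, role):
            # Names are interpolated into attributes and CDATA; reject anything
            # that could close the CDATA section or inject extra nodes.
            if not NAME_OK.fullmatch(name):
                raise ValueError("unsafe principal name: %r" % (name,))
        users.add(user)
        roles.setdefault(role, set()).add(user)
    out = ['<objectnode classname="%s" uri="/users/%s" />' % (SUBJECT, u)
           for u in sorted(users)]
    for role in sorted(roles):
        hrefs = "".join("<D:href xmlns:D='DAV:'>/users/%s</D:href>" % u
                        for u in sorted(roles[role]))
        out.append('<objectnode classname="%s" uri="/roles/%s">\n'
                   ' <revision>\n'
                   '  <property name="group-member-set">'
                   '<![CDATA[%s]]></property>\n'
                   ' </revision>\n'
                   '</objectnode>' % (SUBJECT, role, hrefs))
    return "\n".join(out)


def members_by_role(fragment):
    """Parse a rendered fragment back into {role uri: [member uris]}."""
    # <fragment> is a hypothetical wrapper used only to parse several nodes at once.
    root = ET.fromstring("<fragment>%s</fragment>" % fragment)
    result = {}
    for node in root.iter("objectnode"):
        prop = node.find("revision/property[@name='group-member-set']")
        if prop is not None:
            members = ET.fromstring("<m>%s</m>" % prop.text)
            result[node.get("uri")] = [h.text for h in members]
    return result


if __name__ == "__main__":
    print(render_fragment(SAMPLE_ROWS))
```

`members_by_role` doubles as a check that a generated or hand-edited fragment grants exactly the memberships the database holds.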