Does anyone else have some insight on how to couple Seam with container managed security? My rationale for sticking with container managed security:
... Use declarative security as a rule; use the techniques that are described in this section as a last resort.on http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.exp.doc/info/exp/ae/tsec_web.html)
Based on this, does seam provide any mechanism to couple security at the container level with some method of identity and role mapping. Specifically, the servlet spec provides for methods at the ServletRequest API to retrieve the userprinciple (request.getUserPrinciple), the remote user (request.getRemoteUser) and role mapping (request.isUserInRole("admin")). Based on these, is there a way to still inject some of the Seam security principles without resorting to a full JAAS implementation?