Hello all, i am wondering if someone can help me understand the relationship between roles in j2ee and Principals and Subjects in jaas. i believe i understand how Subjects and Principals relate to each other, how they are created and returned from a LoginContext, and how they can then be used to execute privileged actions (with doAs). however, i'd like to be able to give "users" in a system application-specific permissions based on their role. Is there a way to bind permissions to a specific Principal or Subject at runtime? How do Principals and Subjects relate to the containers' notion of roles? i've tried to read all the documentation i can find, so if anyone has a link that explains this i would be appreciative. thanks!