> I cannot use "isUserInRole" or "getUserPricipal"
> because the application returns to an unsecure area
> after login. How is it possible to change the menu
> because of the users role?
If you want to stick to standard web security, i guess you'll have to use a trick like redirecting to a secured page first and call isUserInRole etc. there...
That's bad. I actually doing it this way. Do you know if the security will be change in a future version? I haven't read the j2ee 1.4 spec now.