So why not just specify that the user is only in role X in your file/database/etc? - then you don't need to do anything with the LoginModule.
I understand what you suggested, but the requirement is that the user should be able to access only the methods that are available to him during a login for a particular "role".
The user is allowed multiple roles. He should be able to select a particular role!
Hope this clarifies the requirement a bit more!
Thanks in advance,
So a user logs in and then selects which 'role' they wish to be, and that governs what they can do? And I presume they can change this 'role' at their will?
Hmm... Leaves 2 options I guess:
1. The username/password the user uses is not a real JAAS one, but a fake which you control and then do a lookup to their possible 'roles'. You then log the user in using their selected 'role' which is a Subject in the JAAS sense and has one true role.
2. When the user logs in (this time a real JAAS username/password) you store their desired 'role' and then in a custom LoginModule only return the Principal(s) that correspond to that 'role'. (You will need to flush the AuthorizationCache whenever the user switches their 'role')
Anyone else got any good ideas? - I have had a sleepless night with an uncontrolled newly diabetic dog so not at my best!
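Option 2 above as an added example (not code from the thread): a plain-JAAS `LoginModule`, assumed to be stacked as `required` after the module that verifies the password, which grants only the selected role and rejects a role the user does not hold. `SelectedRoleLoginModule`, `RolePrincipal`, the `GRANTED` table and the use of `TextInputCallback` to carry the selection are hypothetical names and choices; how a container maps principals to its own roles is not covered.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class SelectedRoleLoginModule implements LoginModule {
    // Constructed sample data standing in for the real user/role store.
    private static final Map<String, Set<String>> GRANTED =
        Map.of("alice", Set.of("clerk", "auditor"));

    // Hypothetical principal type; records give value-based equals/hashCode.
    record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    private Subject subject;
    private CallbackHandler handler;
    private Principal role;

    public void initialize(Subject s, CallbackHandler h,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        subject = s;
        handler = h;
    }

    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        TextInputCallback chosen = new TextInputCallback("role: ");
        try {
            handler.handle(new Callback[] { name, chosen });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException(e.toString());
        }
        String u = name.getName(), r = chosen.getText();
        // The selection is client input: check it against the server-side grant list.
        if (u == null || r == null || !GRANTED.getOrDefault(u, Set.of()).contains(r))
            throw new FailedLoginException("role not granted to this user");
        role = new RolePrincipal(r);
        return true;
    }

    public boolean commit() {
        if (role == null) return false;
        subject.getPrincipals().add(role); // only the selected role, never the full set
        return true;
    }
    public boolean abort() { boolean had = role != null; role = null; return had; }
    public boolean logout() {
        if (role != null) subject.getPrincipals().remove(role);
        role = null;
        return true;
    }
}
```

Switching role means a fresh login through this module, which is the point at which any cached authorization for the old Subject has to be flushed, as the post notes.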