This is a two part question regarding the way JAAS is implemented in JBoss:
1.) Is it possible to store and load role definitions to and form a database table,rather than in the ejb-jar file? I find the use of XML files to be very limiting in the sense that role mapping can't be defined in a dynamic way at runtime(please correct me if I'm wrong).
2.) Is it possible to map roles to Non-EJB specific methods? I am using the Command pattern in a client/server app which employs a single session bean that processes the command objects. This setup is extremely flexible(so far) and has resulted in a very light-weight and refreshingly xml-free configuration. However, I'm not sure how to take advantage of JBoss JAAS authorization, in order to enforce permissions on each command.
Any advice would be appreciated!