I am wondering if someone can help me understand the relationship between roles in J2EE and Principals and Subjects in JAAS. I believe I understand how Subjects and Principals relate to each other, how they are created and returned from a LoginContext, and how they can then be used to execute privileged actions (with doAs). However, I'd like to be able to give "users" in a system application-specific permissions based on their role. Is there a way to bind permissions to a specific Principal or Subject at runtime? How do Principals and Subjects relate to the containers' notion of roles? I've tried to read all the documentation I can find, so if anyone has a link that explains this I would be appreciative. Also, if this is better suited to the security forum, I'm happy to repost. Thanks!
Yes, the security forum is probably a more appropriate place for it. Also, the 3.0 version of JBoss Admin & Dev has good bits on the security implementation, if you haven't checked that yet.