0 Replies Latest reply on Jan 18, 2008 6:24 PM by anil.saldhana

    Role generation and mapping

    anil.saldhana

      Role Generation:
      Historically, we have had role generation as part of the JAAS authentication process we do. The login modules populate the subject with a group called "Roles". I want to provide RoleGeneration facilities at the security domain level. We will still maintain legacy role generation expectations as part of the JAAS layer.

      Use case: A user may perform authentication against the LDAP server using a custom login module not inheriting from JBoss AbstractServerLoginModule. They can then use JBoss RoleGeneration modules specified at the security domain to generate the roles from a DB, LDAP server, properties file, wherever.

      Role Mapping:
      Once the roles are generated and placed into the security context, the users can always apply mapping modules to the roles in the context.

      Use case: As part of the security domain, for a particular principal, a set of roles is generated. The security domain is not dependent on a particular application or deployment. But a user may wish to apply specific mapping to roles based on the deployment, principal name, resource type, etc.

      I am looking for feedback mainly on the role generation part.
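
The separation described in the post above, as an added sketch that is not part of the original post and is not JBoss code: roles are generated at the domain level for a principal that was authenticated elsewhere, then mapped per deployment. The `RoleGenerator` and `RoleMapper` interfaces, the deployment names and all sample data are hypothetical; unknown principals and unmapped roles yield nothing, so the sketch fails closed.

```java
import java.security.Principal;
import java.util.*;

public class RoleGenerationSketch {
    // Hypothetical SPI names for illustration; these are not JBoss interfaces.
    interface RoleGenerator { Set<String> generate(Principal p); }
    interface RoleMapper { Set<String> map(Principal p, Set<String> roles); }

    // Domain-level generation: independent of how the principal was authenticated.
    static Set<String> domainRoles(Principal p, List<RoleGenerator> generators) {
        Set<String> roles = new TreeSet<>();
        for (RoleGenerator g : generators) roles.addAll(g.generate(p));
        return Collections.unmodifiableSet(roles); // mappers cannot alter domain roles
    }

    // Generator backed by a map, standing in for a properties file, DB or LDAP lookup.
    static RoleGenerator fromTable(Map<String, Set<String>> table) {
        return p -> table.getOrDefault(p.getName(), Set.of()); // unknown user: no roles
    }

    // Deployment-specific mapper: renames domain roles, drops any without a mapping.
    static RoleMapper renaming(Map<String, String> names) {
        return (p, roles) -> {
            Set<String> out = new TreeSet<>();
            for (String r : roles) if (names.containsKey(r)) out.add(names.get(r));
            return Collections.unmodifiableSet(out);
        };
    }

    public static void main(String[] args) {
        // Constructed sample data; "alice" was authenticated by some custom login module.
        Principal alice = () -> "alice";
        List<RoleGenerator> domain = List.of(
            fromTable(Map.of("alice", Set.of("employee"))),
            fromTable(Map.of("alice", Set.of("auditor"), "bob", Set.of("employee"))));
        Set<String> generated = domainRoles(alice, domain);
        System.out.println("domain roles: " + generated);

        // Two deployments apply different mappings to the same domain roles.
        RoleMapper payrollApp = renaming(Map.of("auditor", "PayrollReader"));
        RoleMapper wikiApp = renaming(Map.of("employee", "Editor", "auditor", "Editor"));
        System.out.println("payroll.war:  " + payrollApp.map(alice, generated));
        System.out.println("wiki.war:     " + wikiApp.map(alice, generated));
        System.out.println("unknown user: " + domainRoles(() -> "carol", domain));
    }
}
```

Because each mapper returns a new set and the domain set is unmodifiable, a mapping applied for one deployment cannot change the roles another deployment sees.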