Historically, we have had role generation as part of the JAAS authentication process we do. The login modules populate the subject with a group called "Roles". I want to provide RoleGeneration facilities at the security domain level. We will still maintain legacy role generation expectations as part of the JAAS layer.
Use case: A user may perform authentication against the LDAP server using a custom login module not inheriting from JBoss AbstractServerLoginModule. They can then use JBoss RoleGeneration modules specified at the security domain to generate the roles from a DB, LDAP server, properties file, wherever.
Once the roles are generated and placed into the security context, the users can always apply mapping modules to the roles in the context.
Use case: As part of the security domain, for a particular principal, a set of roles is generated. The security domain is not dependent on a particular application or deployment. But a user may wish to apply specific mapping to roles based on the deployment or principal name or resource type, etc.
I am looking for feedback mainly on the role generation part.