Hi, You could persist the users/roles in the datastore and then apply a RequestFilter to specific URL mappings, passing in the valid roles for each filter through an init-param of the specific filter definitions.
e.g. <filter> <filter-name>allRoles</filter-name> <filter-class>com.company.RoleFilter</filter-class> <init-param> <param-name>roles</param-name> <param-value>role1,role2,role3</param-value> </init-param> </filter> <filter> <filter-name>role1Only</filter-name> <filter-class>com.company.RoleFilter</filter-class> <init-param> <param-name>roles</param-name> <param-value>role1</param-value> </init-param> </filter> <filter-mapping> <filter-name>allRoles</filter-name> <url-pattern>/everyone/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>role1Only</filter-name> <url-pattern>/someOtherUrl/*</url-pattern> </filter-mapping> Cheers, Simon -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-java@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.