Hello tzablock, Two ways immediately come to mind(assuming you are using Tomcat)...
1.) per servlet spec, call HttpServletRequest's getUserPrincipal() method which if using Tomcat, will be an instance of org.apache.catalina.realm.GenericPrincipal principal. This class has a public String[] getRoles() method that will give you the roles. 2.) another and in my opinion a better way, is to set the SecurityAssociationValves's subjectAttributeName parameter which will store the authenticated subject in the session under the configured name. Then you only need to get subject from HttpSession. let me know if I have not been clear enough, cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3922067#3922067 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3922067 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user