I expose a method in my remote interface called updatePerson(int personID)
Now the only two roles that can execute this method are admin and isManager. Observe the person being updated is a parameter being passed into the updatePerson method in the remote interface. As I understand it, the CustomLoginModule would happen even before the method gets executed. Hence, I've to pass the personID to this module so that I can then establish the relationship to the caller. Or on the server side can I write a SecurityProxyInterceptor that can add the role "isManager" to the EJBContext? Thanks! <a href="http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3826593#3826593">View the original post</a> <a href="http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3826593>Reply to the post</a> ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user