Why don't u place resources that need to be accessed by management under "/restricted/management/" and protect.
Explain to me why an application based role like "manager" that is checked via isUserInRole("manager") to be mapped against an operational/deployment role- is a lot of hardcoding? You are free to define as many app roles as you need. Keep it simple. Have a look at JACC and our realm that deals with permissions in | org.jboss.web.tomcat.security.JaccAuthorizationRealm | Maybe that may give you some more ideas. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3915316#3915316 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3915316 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user