We are in a process of developing an application, and are looking for ways to implement security, we have the following requirements:
1. There are operations that certain members cannot perform in general 2. There are operations that certain members cannot perform relative to an object (owner vs non-owner) What are some of the mechanims that you are using to deal with these problems. I assume, in the first case you can use deployment descriptor. Also isInRole query can be made to determine if particular option should be shown to the user during the .JSP processing. The second option is a bit more difficult to implement, since a particular user can be an owner of some objects but not others. How can this requirement be implemented? Thanks. -AP_