You will have to provide some code of yours to do the validation, thru' JAAS. We had someting similar to that a : Object.getProperty (ATTRIBUTE_NAME);
would be allowed / not allowed according to the property requested (an of course the user permissions). Unfortunatelly it is not available off-the-selve from the javax.security.auth.login.* & javax.security.auth.* Off the ML, I can provide you some help or the e-mail of the contractor / free-lance that did the hack ! Thomas, -- Thomas SMETS yahoo-id : smetsthomas ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user