Hi Alex,
AFAIK, the only things you have when using JSDK-specified security are
those you mention: defining roles in web.xml and using isUserInRole()
inside your code. We thought it could have done better and we pointed
out the shortcomings, like your second option, to the spec guys. They
answere
We are in the process of developing an application and are looking for ways
to implement security. We have the following requirements:
1. There are operations that certain members cannot perform in general
2. There are operations that certain members cannot perform relative to an
object (owner vs