Hi all, I'm using JBoss and EJBs and struts as my web app. I've got some resources that are protected and for the moment I've written a Filter which protects them.
However this may not be the best way to do this. I'm vaguely aware that J2EE can use JAAS and I can have things like roles and principles and that these can be propogated from the servlets to methods on the session facade and that this is probably the right way to go. However the limited bit of documentation that I've read on this seems very non-standard and confusing. I'd like to know people's experience with this area and any advice if possible. thanks very much, Brian
