Thanks again Tim Funk. Your answer is another solution I didn't think of and it sounds standard conform and secure and clean to me.
I'll develop my own JNDIRealm / JAASRealm and my own Principal, so I get not only the name and roles of the user out of the directory but every other information that is store (UserBean) and the login password. Very well, Frerk Meyer EDEKA Aktiengesellschaft GB Datenverarbeitung Frerk Meyer CC Web Technologien New-York-Ring 6 22297 Hamburg Tel: 040/6377 - 3272 Fax: 040/6377 - 41268 mailto:[EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]