Hi, I have a tomcat 6 installed. I have a running webapplication . I need to implement a role based access control. How can I combine servers caabilities so that I can use the request.getPrincipal() method ... I also have a list of roles and groups and who all are assigned what all roles/groups in db. Now its time to implement an access control mechanism. I do not want Basic authentication with a popup. I will be logging in by a normal html sign in form, with a username and password field. Once that is done everything should be the J2EE way. The roles for that user should get added to the request and I can use it for authorization.
-- Thanks Arun George