Topic: Support deployment level principal-role mapping via jboss.xml. If there is deployment level principal-role mapping done by the user, we should be able to take this into account during authorization decisions. Here is an example of this mapping: | <jboss> | <assembly-descriptor> | <security-role> | <role-name>Administrator</role-name> | <principal-name>j2ee</principal-name> | </security-role> | <security-role> | <role-name>Employee</role-name> | <principal-name>javajoe</principal-name> | <principal-name>j2ee</principal-name> | </security-role> | </assembly-descriptor> | </jboss> | This info is available in the metadata and can be obtained in the JBossSX layer. The previous approach of "DeploymentRolesLoginModule" was unaccepted. http://www.mail-archive.com/jboss-development@lists.sourceforge.net/msg65... Any ideas about solving this properly? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4017903#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...