I need to implement form-based authentication and furthermore I have users with different roles (which are stored in a oracle database).
Now, according to the user-role, the user will only be allowed to access certain pages/sites. For example user with role "0" is allowed to access page1.jsp, page2.jsp and page3.jsp whereas the user with role "1" is only allowed to access page1.jsp and page2.jsp and the user with role "2" can only access page3.jsp.
I am not sure how I have to implement that in my deployment descriptor (web.xml).
select role, role_group from s_users where username=?
select role, 'Roles' from s_users where username=?
Also, why are you defining the roles in the s_users table? You should have a roles table and a users table. Otherwise you'll end up having a denormalized table with a lot of duplicate data, which will probably cause you trouble in the future.