I am a newbie to use both Struts2 and JAAS. I have implemented login authentication using JAAS+STRUTS2 in jboss. But now i need to give permissions to access web pages in my web application according to the roles being assigned to the users. I have written my own custom interceptor for implementing this logic.
For Eg: If the user has a role of "Admin" then he/she can have access over all the pages of the application. Else they have to be bound with certain limits and must be forbidden from viewing certain pages.
Googled many sites but all were concentrating mostly on authentication but not on authorization.
How can i do it effectively? Please do reply. i have been held up in this for a longtime.