Is there any chance you can migrate this data to LDAP?
If you put users/roles in a LDAP server, such as OpenLDAP, active directory, secureway, you can use the LDAP "User registry" in Websphere App Server.
With web apps you control login with security entries in web.xml.
According to the j2ee spec:
http://java.sun.com/webservices/docs/1.3/tutorial/doc/Security4.html In a servlet, you can do
In JSPs you can do similar, or use appropriate JSTL/struts tags.
There's a WAS overview here
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.wasee.doc/info/ee/ae/welc_security.html If you can't migrate to LDAP, you can write a Custom User Registry.
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.wasee.doc/info/ee/ae/tsec_tbucs.html That page has a sample with a file based user reg, but it shows you what interface you need to implement.
In your webpages and servlets, you would still be able to do isUserInRole()..., because this interface goes through the JAAS layer. It's transparent to the programmer.
If you later migrate to LDAP, you don't need to change apps, but rather how users/roles are stored.
A lot of developers (including me!) wrote their own "JAAS layers".
It's meaningless to run an app server and write these layers yourself.
Hope that helps,
Regards,
/Tom