to activate/passivate a role owned by a user, we need to:
- grab the current AuthenticationManager
AuthenticationManager authenticationManager =(AuthenticationManager)request.getSession().getServletContext().getAttribute(SecurityConstants.AUTHENTICATION_MANAGER);
- grab the User (i.e the Subject)
HttpAuthenticationUtils auth= (HttpAuthenticationUtils)request.getSession(true).getAttribute(HttpConstants.AUTHN_UTILS);
Subject user = auth.getSubject();- define the active flag on the role
authenticationManager.setActiveOnRolePrincipal(user,roleName,applicationName,active);
on 02/01/2007 at 13:29