"David M. Karr" wrote in message
news:3f0b41ea$1@newsgroups.bea.com...
>
> I'm investigating how to build security providers that integrate WLS with

"perimeter
> authentication". I see it's pretty straightforward to implement the

identity
> assertion provider, but I'm not sure how the authorization provider would

work.
> My perimeter authentication mechanism will likely be providing the role

information
> in HTTP headers also. How would that work?
>


There is a context handler passed to the role mapper provider. It can get
access to the the
servlet request via the HttpServletRequest context name.