"David M. Karr" wrote in message
> I'm investigating how to build security providers that integrate WLS with

> authentication". I see it's pretty straightforward to implement the

> assertion provider, but I'm not sure how the authorization provider would

> My perimeter authentication mechanism will likely be providing the role

> in HTTP headers also. How would that work?

There is a context handler passed to the role mapper provider. It can get
access to the servlet request via the HttpServletRequest context name.
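
An added example, not part of the original reply and not BEA's code: a helper that a custom role mapper provider could call from its role lookup to read perimeter-supplied roles out of the servlet request obtained from the context handler. The class name, the header name `X-Perimeter-Roles`, the role names and the trusted-proxy check are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import weblogic.security.service.ContextHandler;

/** Hypothetical helper for a custom role mapper provider. */
public final class PerimeterRoleHeader {
    // WebLogic context element name under which the servlet request is exposed.
    static final String REQUEST_ELEMENT =
        "com.bea.contextelement.servlet.HttpServletRequest";
    // Assumed header name; use whatever the perimeter product actually sets.
    static final String ROLE_HEADER = "X-Perimeter-Roles";
    // Assumed roles known to the application; any other value is dropped.
    static final Set<String> KNOWN_ROLES =
        new HashSet<>(Arrays.asList("admin", "operator", "viewer"));

    private final Set<String> trustedProxies; // assumed: perimeter host addresses

    public PerimeterRoleHeader(Set<String> trustedProxies) {
        this.trustedProxies = trustedProxies;
    }

    public Set<String> rolesFrom(ContextHandler handler) {
        // Non-web calls (EJB, JMS, ...) carry no servlet request.
        if (handler == null) return Collections.emptySet();
        Object value = handler.getValue(REQUEST_ELEMENT);
        if (!(value instanceof HttpServletRequest)) return Collections.emptySet();
        HttpServletRequest request = (HttpServletRequest) value;

        // A client that reaches WLS directly can set any header, so honour
        // the header only on connections that come from the perimeter itself.
        if (!trustedProxies.contains(request.getRemoteAddr())) return Collections.emptySet();

        String header = request.getHeader(ROLE_HEADER);
        if (header == null) return Collections.emptySet();

        // Header is treated as a comma-separated list of role names.
        Set<String> roles = new HashSet<>();
        for (String name : header.split(",")) {
            String role = name.trim();
            if (KNOWN_ROLES.contains(role)) roles.add(role);
        }
        return roles;
    }
}
```

An empty result means the header contributed no roles, so the provider falls back to whatever roles it would grant without it.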