I have done some reading on the acegi website - uh - looks very complex for a newbie like me
What I need:
Somewhat like a SecurityContext where I can ask for the principal and his roles, just like in HttpRequest but as static class so that I can call everywhere:
SecurityContext.getPrincipal() not being dependend on HttpRequest.
Another thing would be declarative security based on classes and methods. Just a bit like that what I can do in web.xml with URLs.
OK, it would not be that difficult to build this myself with ThreadLocal and an Advice but I'm absolutely sure that acegi can do that job already.
So, where I have to start reading. I little step by step tutorial would be nice
P.S. I'm using tomcat 5.5. The solution should support tomcat (HTTP-AUTH) but it should not depend on it.