I saw an interesting post on the JHeadstart teams blog about 10 days ago posted by Sandra Muller. The blog entry is called "J2EE Authentication and Authorization with JHeadstart". Sandra announced a new document called How To Add J2EE Authentication and Authorization to a JHeadstart Application that explains how to set up J2EE authentication and authorization with JHeadstart using as much of (in Sandra's words) OC4J, Struts, ADF BC and JHeadstart. Sandra also tells us that a new article will be published soon describing how to do authorisation and authentication with your own user/role tables. I will watch out for it.