Currently I am working at a big Enterprise where they use Tivoli Access Manager as authorization and authentication source for a lot of there applications.
This Enterprise is using JBoss as open source application server platform and is using this more and more. When they began using JBoss they got a TAM plug-in for JBoss from IBM. This plug-in did the complete authorization and authentication by implementing JAAS and registering all the used security roles in TAM. This is done during deployment time.
If you have an application with a lot of roles this is very frustrating because it can take a lot of extra time to start up (think of 30 minutes per application) because TAM is synchronizing all the new roles.
Most applications at this customer are using JAAS but do not have special method level authorizations implemented by using TAM. So only the roles are important.
After realizing this I thought is could be a good idea to create a simpler solution for integration TAM and JBoss. For this I wrote some custom code (only 250 lines).