The extent to which you can use standard J2EE security mechanisms in conjunction with the PAF depends on the purposes for which you are using the different security mechanisms.

Because J2EE supports only static roles, the normal J2EE access control mechanisms cannot be used in conjunction with the PAF’s dynamic community-related access control levels (community leader, community member, and community guest). For these roles, you should use the PAF-supplied tags and methods.

However, you may want to define your own roles, assign them to users, and use them to control access to Web applications available through your gear’s web.xml definitions. You may also want to use the roles to programmatically determine access using the hasRole() method exposed by the J2EE Principal object. The PAF contains one such predefined role: portal-admin. This role may be assigned and used according to ordinary J2EE security mechanisms.

If you do use J2EE page security mechanisms, you can configure the <login-config> element to use the PAF login and error pages as follows:

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name></realm-name>
  <form-login-config>
    <form-login-page>/portal/userprofiling/html/login.jsp</form-login-page>
    <form-error-page>/portal/access/html/accessDenied.jsp</form-error-page>
  </form-login-config>
</login-config>
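
The <login-config> element only selects how users authenticate; a resource is protected only when a <security-constraint> names it and a <security-role> declares the role. The following fragment is an added example, not part of the PAF documentation, that restricts part of a gear's Web application to the predefined portal-admin role. The resource name and the /admin/* URL pattern are hypothetical.

```xml
<!-- Added example: fragment of a gear's web.xml (Servlet 2.3 element order).
     The resource name and the /admin/* pattern are hypothetical. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Gear administration pages</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <!-- No <http-method> elements: the constraint covers every HTTP method.
         Listing only GET and POST would leave other methods unconstrained. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Predefined PAF role; only callers holding it pass the check -->
    <role-name>portal-admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- FORM login sends the password in the request body,
         so require TLS for the protected pages -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- The <login-config> element goes here, after all
     <security-constraint> elements and before <security-role> -->

<security-role>
  <description>Portal administrators</description>
  <role-name>portal-admin</role-name>
</security-role>
```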