We are using ModeShape together with WildFly, both with Basic Authentication and Active Directory Authentication.

In AD the role names are prefixed with the domain. In ModeShape there are four hard coded roles: admin, readonly, readwrite and connect.

This clashes with our AD roles since a role here would be called e.g. DOMAIN\admin.

Firstly this role name is very common, secondly I need to modify our AD integration code to strip the domain name frmo of the role name so that ModeShape will accept it.

My proposal is that the names of the roles be made configurable and not hardcoded.