SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);
try
{
int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);
isAuthorized = (permit == AuthorizationContext.PERMIT);
String level = (permit == AuthorizationContext.PERMIT ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
if(this.enableAudit)
this.authorizationAudit(level,webResource, null);
}