Thanks developerdude, I should probably have detailed the context of my question better. Basically we have a situation in which different jasper users belong to multiple departments. We have one report which shows financial reporting per department. We have an input control which displays a list of departments that the user is able to run the report for. So once the user selects the department, the viewReportFlow takes care of running this report. The thing is, there is a major security flaw with my approach as a user can stick a proxy in between the browser and the Jasper Server application and change the department code to whatever he/she wants. In order to enforce the client side validation rules I also need to revalidate them at the server side, so hence I want to put some code at the server side which validates that the current logged in user actually has access to the department code that he's asking to run the report for. Cheers Alan