• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

JAAS Vs. Container managed security in web tier (managed at web.xml)

 
Ranch Hand
Posts: 86
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a requirement where in I have an application client as well as web client for my ejb application.

Coming to talk of secuity ---- I would like to confirm if my understanding is right.

Let us say that

I implement security in my java swing based application using the JAAS.
I implement security for my web tier using the container managed security in web.xml;
I implement security for my ejb tier using the container managed security in ejb-jar.xml;

I have the option to implement for my web and ejb tier to go for programmatic based implementation...however, since what the container provides is sufficient, i have chosen the same.

In swing based client applications by using JAAS --- we have the flexibilty to incorporate standard security mechanisms like Solaris NIS (Network Information Services), Windows NT, LDAP (lightweight access directory protocol), Kerberos, and others into our application in a consistent, configurable way;

In web tier / ejb tier if we had not gone by container managed declarative security then we would have had to go for managing the security programmatically. Is that also based on JAAS??? If not ...why is JAAS not used there?
 
Author & Gold Digger
Posts: 7617
6
IntelliJ IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Moving this to the EJB and Other J2EE Technologies forum as the SCBCD exam does not deal with JAAS.

Thanks for your comprehension
 
reply
    Bookmark Topic Watch Topic
  • New Topic