Hi Pankaj, I w'd like to know your thoughts on JAAS and J2EE declarative security. Do you think they integrate very well?. Can i employ JAAS for authenticatin and authorization and then expect the container to propogate the role, user context to the EJB container? I'm somehow not convinced about these 2 things working together seamlessly. It w'd be great if you c'd share ur thoughts on this. thanks!
JAAS is now included with the J2se 1.4,there is no explicit requirement in the EJB and J2EE specs that EJB containers must use JAAS to provide server-side authentication services.
Joined: Feb 22, 2002
There was some discussion about merging the policy files for JAAS and Java 2 security in the 1.4 release. Did that happen?
Joined: Sep 09, 2003
With J2EE 1.3, JAAS and J2EE App Security (basically Web Apps and EJB Apps) didn't integrate very well. With J2EE 1.4 comes a new specification known as "Java Authorization Contract for Containers". This spec. is basically for Container providers so that the J2EE containers integrate well with JAAS.