Question on JAAS and J2EE Declarative security

Karthik Guru
Ranch Hand

Joined: Mar 06, 2001
Posts: 1209
Hi Pankaj,
I would like to know your thoughts on JAAS and J2EE declarative security.
Do you think they integrate very well? Can I employ JAAS for authentication and authorization and then expect the container to propagate the role, user context to the EJB container? I'm somehow not convinced about these 2 things working together seamlessly.
It would be great if you could share your thoughts on this.
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8898

Do all EJB servers support integration with JAAS?

Mcgill Smith
Ranch Hand

Joined: Nov 11, 2003
Posts: 178
JAAS is now included with the J2SE 1.4. There is no explicit requirement in the EJB and J2EE specs that EJB containers must use JAAS to provide server-side authentication services.

Rufus BugleWeed
Ranch Hand

Joined: Feb 22, 2002
Posts: 1551
There was some discussion about merging the policy files for JAAS and Java 2 security in the 1.4 release. Did that happen?
Pankaj Kr
Ranch Hand

Joined: Sep 09, 2003
Posts: 80
With J2EE 1.3, JAAS and J2EE App Security (basically Web Apps and EJB Apps) didn't integrate very well. With J2EE 1.4 comes a new specification known as "Java Authorization Contract for Containers". This spec. is basically for Container providers so that the J2EE containers integrate well with JAAS.

Pankaj Kumar
Home - WebLog - J2EE Security
Surasak Leenapongpanit
Ranch Hand

Joined: May 10, 2002
Posts: 341
Refer to JSR 115 - Java™ Authorization Contract for Containers; its target Java platform is JDK 2 SDK, Enterprise Edition, v1.3 and above.
Karthik Guru
Ranch Hand

Joined: Mar 06, 2001
Posts: 1209
Thanks, Pankaj, for the info.