This week's book giveaway is in the OCMJEA forum. We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line! See this thread for details.
Hi Pankaj, I w'd like to know your thoughts on JAAS and J2EE declarative security. Do you think they integrate very well?. Can i employ JAAS for authenticatin and authorization and then expect the container to propogate the role, user context to the EJB container? I'm somehow not convinced about these 2 things working together seamlessly. It w'd be great if you c'd share ur thoughts on this. thanks!
With J2EE 1.3, JAAS and J2EE App Security (basically Web Apps and EJB Apps) didn't integrate very well. With J2EE 1.4 comes a new specification known as "Java Authorization Contract for Containers". This spec. is basically for Container providers so that the J2EE containers integrate well with JAAS.