Hi Pankaj, I w'd like to know your thoughts on JAAS and J2EE declarative security. Do you think they integrate very well?. Can i employ JAAS for authenticatin and authorization and then expect the container to propogate the role, user context to the EJB container? I'm somehow not convinced about these 2 things working together seamlessly. It w'd be great if you c'd share ur thoughts on this. thanks!
With J2EE 1.3, JAAS and J2EE App Security (basically Web Apps and EJB Apps) didn't integrate very well. With J2EE 1.4 comes a new specification known as "Java Authorization Contract for Containers". This spec. is basically for Container providers so that the J2EE containers integrate well with JAAS.