GeeCON Prague 2014*
The moose likes Security and the fly likes Question on JAAS and J2EE Declarative security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Engineering » Security
Bookmark "Question on JAAS and J2EE Declarative security" Watch "Question on JAAS and J2EE Declarative security" New topic
Author

Question on JAAS and J2EE Declarative security

Karthik Guru
Ranch Hand

Joined: Mar 06, 2001
Posts: 1209
Hi Pankaj,
I w'd like to know your thoughts on JAAS and J2EE declarative security.
Do you think they integrate very well?. Can i employ JAAS for authenticatin and authorization and then expect the container to propogate the role, user context to the EJB container? I'm somehow not convinced about these 2 things working together seamlessly.
It w'd be great if you c'd share ur thoughts on this.
thanks!
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8919

Does all EJB servers support integration with JAAS?


Groovy
Mcgill Smith
Ranch Hand

Joined: Nov 11, 2003
Posts: 178
JAAS is now included with the J2se 1.4,there is no explicit requirement in the EJB and J2EE specs that EJB containers must use JAAS to provide server-side authentication services.


Regards
Mcgill
Rufus BugleWeed
Ranch Hand

Joined: Feb 22, 2002
Posts: 1551
There was some discussion about merging the policy files for JAAS and Java 2 security in the 1.4 release. Did that happen?
Pankaj Kr
Author
Ranch Hand

Joined: Sep 09, 2003
Posts: 80
With J2EE 1.3, JAAS and J2EE App Security (basically Web Apps and EJB Apps) didn't integrate very well. With J2EE 1.4 comes a new specification known as "Java Authorization Contract for Containers". This spec. is basically for Container providers so that the J2EE containers integrate well with JAAS.


Pankaj Kumar
Home - WebLog - J2EE Security
Surasak Leenapongpanit
Ranch Hand

Joined: May 10, 2002
Posts: 341
Refer to JSR 115 - JavaTM Authorization Contract for Containers , its target java platform is JDK 2 SDK, Enterprise Edition, V 1.3 and above
Karthik Guru
Ranch Hand

Joined: Mar 06, 2001
Posts: 1209
thanks pankaj for the info.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Question on JAAS and J2EE Declarative security