Does j2ee security interact well with other systems in the enterprise? especally in the area enterprise app integration. For eg if we deploy a complete j2ee solution in an enterprise , does it integrate well with the security features of other systems? Any experience / thoughts? Do third party SSO products take care of this integration?
You need to have the same type, or at least compatiable type of APIs, if the security is not assured by the containers, or Web browser. 4 years ago, I worked for a project that migrate the financial transaction server with the COBRA gateway server. We need to perform server-to-server authentication, and thus, both server has its own public/private key pair. However, the key generated for FTS uses Java, while that of COBRA gateway server is generated uses C. We found that the Java library cannot converted the byte of the key into Java Keystore. And finally, we need to use native library method to import the key for encryption. I guess nowadays will be better, as people put more concerns on system integration and interoperability. But I have not recent experiences on this area. Nick