JAAS: Declarative or Programmatic Security

Chris Dempsey
Greenhorn

Joined: Feb 24, 2004
Posts: 9
During a recent discussion about our project's security implementation, a friend of mine and I got into a debate on whether JAAS was declarative security or programmatic. I contended that it was programmatic security since at some point your code under security must make a security check within the code. My pal said it was declarative because JAAS is configured by a policy file that was configurable outside of Java code.

What is the view of my fellow Ranchers?
Ionut Barau
Greenhorn

Joined: Feb 18, 2008
Posts: 20
I've been trying to understand J2EE security/JAAS for a week now and still I can't keep the terms straight. I will share my opinion on your question, hoping someone will bring some light.

As far as I understood, declarative security (or container managed security) is handled by the container (DOH!). How it is handled depends on the container implementation. WebSphere, for example, uses JAAS for authentication. The special servlet j_security_check verifies credentials with the help of JAAS login modules. So even though you use declarative security, in WebSphere you are using JAAS indirectly. WebSphere authentication

Programmatic security can be of 2 flavors:

1. Using the request object methods: isUserInRole, getRemoteUser

2. Using JAAS login modules

If someone has a different opinion please share some light.

Thanks
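
The distinction discussed in this thread, shown side by side as an added example (not code from either poster): the annotation is the declarative constraint the container enforces, and the `getRemoteUser` / `isUserInRole` calls are the programmatic checks. It assumes a Servlet 3.0+ container with the `javax.servlet` namespace; the class name, URL pattern, role names and the `owner` parameter are hypothetical.

```java
import java.io.IOException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Declarative part: the container rejects callers without one of these roles
// before doGet() runs. This is the annotation form of a <security-constraint>
// in web.xml. How the container authenticates the caller (JAAS login modules
// or anything else) is not visible to this class.
@WebServlet("/reports")                                    // hypothetical path
@ServletSecurity(@HttpConstraint(rolesAllowed = {"employee", "manager"}))
public class ReportServlet extends HttpServlet {           // hypothetical name

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Programmatic part: a rule that depends on request data, which a
        // URL-pattern constraint cannot express.
        String user = req.getRemoteUser();   // null when nobody is authenticated
        if (user == null) {
            // Defensive: only reachable if the declared constraint is removed.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        String owner = req.getParameter("owner");   // hypothetical parameter
        if (owner == null) {
            owner = user;                    // default to the caller's own report
        }

        // Managers may read any report; everyone else only their own.
        if (!user.equals(owner) && !req.isUserInRole("manager")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        resp.setContentType("text/plain");
        resp.getWriter().println("Report access granted to " + user);
    }
}
```

Removing the annotation leaves only the in-code checks, so any URL the code forgets to guard is open; removing the in-code check leaves only the role gate, so any employee can read any report.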
 