File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

JAAS: Declarative or Programmatic Security

 
Chris Dempsey
Greenhorn
Posts: 9
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
During a recent discussion about our project's security implementation a friend of mine and I got into a debate on whether JAAS was declarative security or programmatic. I contented that it was programmatic security since at some point your code under security must make a security check within the code. My pal said it was declarative because JAAS is configured by a policy file that was configurable outside of Java code.

What is the view of my fellow Ranchers?
 
Ionut Barau
Greenhorn
Posts: 25
1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've been trying to understand j2ee security/jass for a week now and still i can't keep the terms straight. I will share my opinion on your question, hoping someone will bring some light.

As far as i understood, declarative security (or container managed security) is handled by the container(DOH!). How it is handled it depends on container implementation.Websphere for example, uses jaas for authentication.The special servlet j_security_check verifies credentials with the help of jaas login modules.So even though you use declarative security, in websphere you are using jass indirectly.Websphere authentication

Programmatic security can be of 2 flavors:

1.Using the request object methods:isUserInRole, getRemoteUser

2.Using jaas login modules

If someone has a different opinion please share some light.

Thanks
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic