We are looking for role based authorization by using JAAS API. Roles data is available in database (oracle DB), how can we implement the JAAS authorization custom module by interacting with external DB, not the policy file and LDAP data store.
Are there good articles for JAAS API usage? If so please post them as well.
Please help on this issue.
Joined: Mar 22, 2005
The Security FAQ links to some introductory articles covering JAAS.
Basically for authentication you can use absolutely anything as credential store for your application.You can then use Authorisation part of JAAS (login module)for doing the actual authentication.JAASs authorization is build on the top of javas policy based premissions.so you can associate required custom premission with principals and then populate the subject with those principals after a successful authentication. The following articles might help.