how does big java application implement security (authentication/ authorization)?

raminaa niilian
Ranch Hand

Joined: Jul 14, 2005
Posts: 551
Hi,
Thank you for reading my post.
I am looking to find out how big Java applications (client (Swing/web), server (EJB, web services, ...)) manage security-related concerns.

Do they use container-managed security, which is usually defined in XML files, or do they use a method like:

- users table
- role table
- role-details table
- users_role table?

In the role-details table they define which pages each can access, or which operations each can perform on which table...?

Do they use JAAS for authorization?


Thanks
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
I have seen quite a few applications using the J2EE authentication and authorization feature, which is in turn implemented by the server vendor.

And I have seen a few applications which use JAAS for this purpose.
In my opinion JAAS is more portable across application servers. You need minimal support from the server, whereas in the case of J2EE's security feature you are closely linked with the application server and vendor procedure.

I have not had many opportunities to work with really huge enterprise systems, but in one such system I found that authorization and authentication are completely taken care of by the domain application, though it uses JAAS LoginModules for performing the authentication request to the domain application.


Rahul Bhattacharjee
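
The arrangement described in the reply above, as an added example that is not code from either poster: a JAAS LoginModule that hands the credential check to a domain application and attaches the roles it returns to the Subject. `DomainAuthClient`, `RolePrincipal`, the user `alice` and the role name are hypothetical, and the in-memory client is a constructed stand-in for the remote call (Java 16+ for records).

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class DomainLoginModule implements LoginModule {
    // Hypothetical client for the domain application; returns roles, or null if rejected.
    public interface DomainAuthClient { Set<String> rolesIfValid(String user, char[] pw); }
    public record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    // Constructed stand-in for the remote call, so the example works offline.
    static DomainAuthClient client = (u, p) -> "alice".equals(u)
            && Arrays.equals(p, "constructed-pw".toCharArray()) ? Set.of("reports.read") : null;

    private Subject subject;
    private CallbackHandler handler;
    private final Set<Principal> pending = new HashSet<>();
    private boolean ok;   // true once this module's own login() has succeeded

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pw = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { name, pw });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain credentials: " + e.getMessage());
        }
        char[] secret = pw.getPassword();                 // copy of the supplied password
        pw.clearPassword();
        Set<String> roles = client.rolesIfValid(name.getName(), secret);
        if (secret != null) Arrays.fill(secret, '\0');    // wipe our copy after use
        if (roles == null) throw new FailedLoginException("authentication failed");
        roles.forEach(r -> pending.add(new RolePrincipal(r)));
        return ok = true;
    }
    // Principals reach the Subject only in commit(), once the overall login has succeeded.
    public boolean commit() {
        if (!ok) return false;
        subject.getPrincipals().addAll(pending);
        return true;
    }
    public boolean abort() { boolean was = ok; ok = false; pending.clear(); return was; }
    public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); ok = false; return true; }
}
```

The module is activated by naming its class in a JAAS configuration entry. Because principals are added only in `commit()`, a failure elsewhere in the login stack leaves the Subject without these roles.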