in role details table they define each can access which pages, or can perform which operation on which table...?
do they use jaas for authorization?
posted 8 years ago
I have see quite a few application using J2EE authentication and authorization feature , which is in turn implemented by the server vendor.
And have seen few application which uses JAAS for this purpose. In my opinion JAAS is more portable across application servers.Minimal support you need from the server.Whereas in case of J2EE's security feature you are closely linked with the application server and vendor procedure.
I have not got much opportunities with work with really huge enterprise systems , but in one such system I found that the authorization and authentication is completely taken care by the domain application.Though it uses JAAS LoginModules for performing the authentication request to the domain application.