J2EE authentication/authorization: does JAAS handle system users and application users

ray livia
Greenhorn

Joined: Aug 04, 2007
Posts: 16
On the security topic, I am quite confused about the following:
1. Login mechanisms specified by the J2EE platform (HTTP basic authentication, SSL authentication, or form-based login)
2. JAAS approaches
3. Customized login and authorization application modules

My questions are:
1. Does JAAS support both 1 and 3?

2. Is it always correct: There are two kinds of users in an application: J2EE system users and application users. System users are created as users in the J2EE platform, using vendor-specific tools. Application users are represented and managed by application code.

3. What is the difference between JAAS and customized login and authorization application modules for application users?
Karthik Rajendiran
Ranch Hand

Joined: Aug 13, 2004
Posts: 211
To provide or protect a web resource and force authentication whenever an unknown user or request comes to this secured web resource, be it a JSP or a servlet,

there are four methods available:
1. Basic - just a popup for user authentication, and the credentials are sent in base64
2. Client cert - or mutual authentication
3. Form based - to have a customized and cool authentication login page
4. Digest - here the credentials are digested in MD5 or SHA, as specified.


These are the ways by which user authentication is forced.

Now, how do you validate the credentials? You have to know whether the user is the real user with the correct credentials.

For that we have JAAS.
Other means are realms. You can authenticate using LDAP or a DB [RDBMS realm].


SCJP 1.4 SCWCD 1.4 SCDJWS 1.4
 