File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes I need a good resource for understanding JAAS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "I need a good resource for understanding JAAS" Watch "I need a good resource for understanding JAAS" New topic

I need a good resource for understanding JAAS

Aditya Vasudeva
Ranch Hand

Joined: May 27, 2008
Posts: 76
I am working on a project and am very new to the security API. I dont have any idea about security in JAVA. My project contains servlets, jsp's, ejb's and a database managed by IBM DB2. Could you please suggest a good resource, book or online tutorial which could help me to progress. I need to develop authentication using usernames and passwords, authorization for different types of users with different roles and other security related issues I may need to implement.
I would prefer a resource which uses EJB 3.0(if at all it uses it) as I an SCBCD 5 certified.
I tried the doc tutorials and guides available on but I found them really confusing.
Please suggest something easy yet very helpful.

Waiting eagerly for a response...
Jimmy Clark
Ranch Hand

Joined: Apr 16, 2008
Posts: 2187
How is it possible that you are SCBCD 5 certified and have no idea about Java security? This is very disturbing.
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
The links to introductory material about JAAS, including two recent JavaRanch Journal articles (whose author hangs out here at the ranch, ready to answer questions).

Note that most web apps don't use JAAS, but the servlet security that's built into the servlet API (which gets defined in the web.xml file).
[ August 11, 2008: Message edited by: Ulf Dittmer ]
I agree. Here's the link:
subject: I need a good resource for understanding JAAS
It's not a secret anymore!