Win a copy of Learn Spring Security (video course) this week in the Spring forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Regarding JAAS

 
Giju George
Ranch Hand
Posts: 333
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you guys think JAAS is a better option for Authentication and Authorization ? . The web client can also use form based authenticaton, which can then pass the principal/role from web tier to ejb tier for authorization.
 
Marie Pierre Courbevoie
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Giju

I'll recommand reading IBM redbook SG246573 (free download from http://www.redbooks.ibm.com ) chapter 6 through 8, these chapters are enough generic to be applied to any J2EE server. It's really excellent, you can find all what you need to configure security in a J2EE system (declarative and programatic security, client side and server side authentication,JAAS, CSIV 2,LTPA, J2EE client and thin java client...).
Best security practices are, really, well commented

Regards
Marie Pierre
[ August 19, 2005: Message edited by: Marie Pierre Courbevoie ]
 
Vinay Singh
Ranch Hand
Posts: 174
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Marie. That was a cool link.
Vinay
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic