File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Regarding JAAS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Regarding JAAS" Watch "Regarding JAAS" New topic

Regarding JAAS

Giju George
Ranch Hand

Joined: Jun 08, 2004
Posts: 333
Do you guys think JAAS is a better option for Authentication and Authorization ? . The web client can also use form based authenticaton, which can then pass the principal/role from web tier to ejb tier for authorization.

SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCEA
Marie Pierre Courbevoie
Ranch Hand

Joined: Aug 01, 2005
Posts: 32

I'll recommand reading IBM redbook SG246573 (free download from ) chapter 6 through 8, these chapters are enough generic to be applied to any J2EE server. It's really excellent, you can find all what you need to configure security in a J2EE system (declarative and programatic security, client side and server side authentication,JAAS, CSIV 2,LTPA, J2EE client and thin java client...).
Best security practices are, really, well commented

Marie Pierre
[ August 19, 2005: Message edited by: Marie Pierre Courbevoie ]
Vinay Singh
Ranch Hand

Joined: Dec 15, 2004
Posts: 174
Thanks Marie. That was a cool link.

Technical quiz and interview questions   SCJP 6 mock practice test
I agree. Here's the link:
subject: Regarding JAAS
It's not a secret anymore!