my dog learned polymorphism*
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Regarding JAAS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Regarding JAAS" Watch "Regarding JAAS" New topic
Author

Regarding JAAS

Giju George
Ranch Hand

Joined: Jun 08, 2004
Posts: 333
Do you guys think JAAS is a better option for Authentication and Authorization ? . The web client can also use form based authenticaton, which can then pass the principal/role from web tier to ejb tier for authorization.


SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCEA
Marie Pierre Courbevoie
Ranch Hand

Joined: Aug 01, 2005
Posts: 32
Giju

I'll recommand reading IBM redbook SG246573 (free download from http://www.redbooks.ibm.com ) chapter 6 through 8, these chapters are enough generic to be applied to any J2EE server. It's really excellent, you can find all what you need to configure security in a J2EE system (declarative and programatic security, client side and server side authentication,JAAS, CSIV 2,LTPA, J2EE client and thin java client...).
Best security practices are, really, well commented

Regards
Marie Pierre
[ August 19, 2005: Message edited by: Marie Pierre Courbevoie ]
Vinay Singh
Ranch Hand

Joined: Dec 15, 2004
Posts: 174
Thanks Marie. That was a cool link.
Vinay


Technical quiz and interview questions   SCJP 6 mock practice test
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Regarding JAAS