I am currently working on the Part 2 assignment. Have been pondering about using JAAS in the solution.
In case of a web application, users would do self-registration (and thereby create their own userids). From what I understand, I can write my callback handlers in JAAS, and can accordingly even authenticate the users against the userid information persisted in the application database.
However, what I am not able to figure out is how this user gets a particular role assigned. In case of both web/EJB security, I can define the roles that would access protected resources/methods. The contents on the net give an idea that you define the roles for specific user ids in the J2EE server. In this case, the userids are self-created (by users during registration with the site) and cannot be fixed by the administrator in the server.
Does that mean I can't go for JAAS authentication if I have self-registration, or am I missing something totally?