For security topic, I am quite confused on followings:
1. Login mechanisms specified by the J2EE platform (HTTP basic authentication, SSL authentication, or form-based login)
2. JAAS approaches
3. Customized login and authoriazation application modules
My quesitons are:
1. Does JAAS support both 1 and 3?
2. Is it correct always: There are two kinds of users in an application: J2EE system users and application users. System users are created as users in the J2EE platform, using vendor-specific tools. Application users are represented and managed by application code.
3. What are different of JAAS and Customized login and authoriazation application modules for applicaiton users?