SCEA security: does JAAS handle system users and application users

 
Greenhorn
Posts: 16
On the security topic, I am quite confused about the following:
1. Login mechanisms specified by the J2EE platform (HTTP basic authentication, SSL authentication, or form-based login)
2. JAAS approaches
3. Customized login and authorization application modules

My questions are:
1. Does JAAS support both 1 and 3?

2. Is this always correct: there are two kinds of users in an application: J2EE system users and application users. System users are created as users in the J2EE platform, using vendor-specific tools. Application users are represented and managed by application code.

3. What are the differences between JAAS and customized login and authorization application modules for application users?
 
ray livia
Greenhorn
Posts: 16
Any reply? Is there anything wrong with my question?
 
Ranch Hand
Posts: 2187
The Java Authentication and Authorization Service API is part of the Java Enterprise Edition. It is used to create custom login modules and custom authorization modules for applications.
 
ray livia
Greenhorn
Posts: 16
Thanks, James,

But I still have a question: do JAAS and container declarative security (roles and permissions) somehow overlap, e.g. in the user identity check?
 
Ranch Hand
Posts: 34
Hi,
In fact, JAAS is part of Java SE, and by extension, part of J2EE too.
 
Ranch Hand
Posts: 63
Hi Ray,
I think your questions are valid and the answers are not obvious at all.
JAAS is primarily for J2SE. Look at the J2EE Tutorial by Sun. They talk about declarative security in it and servlet filters, but not JAAS.
I am sure you know that JAAS is useful when you want to develop your own login module or callback handler, like when you want to implement a voice recognition system for your application. Many of the known methods, such as authentication by Kerberos and certificates, are already implemented.

But back to your question. Read this:
http://rejeev.blogspot.com/2008/04/j2ee-security-and-jaas.html

I know that, for example, in the context of Oracle's implementation of J2EE they call it JAAS (previously JAZN) when they pass the information to the \j_security_check (j_username, j_password). I can assume that this is an implementation of LoginModule. See this also (just the first few paragraphs):
http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm

But I don't know whether, when you are using .isUserInRole("rolename") or .getUserPrincipal().getName(), you are definitely using JAAS or not.

Regards
Farbod
 