Last week, we had the author of TDD for a Shopping Website LiveProject. Friday at 11am Ranch time, Steven Solomon will be hosting a live TDD session just for us. See for the agenda and registration link
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

JAAS vs Spring securit..

 
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

In my project I got a requirement to implement security and the project is using spring.

But I am confused between JAAS and spring.

Can any of you help me please to clear these confusions?

1. What are the differences between spring security and JAAS security?

2. To achieve the security is it necessary to use JAAS in spring or spring provides some API to implement the authentication and authorization?

3. If the answer is yes to use JAAS with spring , then we can authenticate the user as follow:

If(form.userName.equals(db.user_name)){
Returs true;
}
Else{
Return false
}
Without JAAS.
Then Why to use JAAS? What are the advantages of using it?


Thanks in advance
Geeta
 
Ranch Hand
Posts: 820
IntelliJ IDE VI Editor Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
JAAS is one of the authentication providers that Spring can use. Note that JAAS works at a lower level than web-application. It has hooks (if that is the right term) into the application server and operating system. Spring Security works in the application layer. It has its own authentication API that is very good and does not need to use JAAS. Often an existing JAAS provider is used when Spring security is implemented. In most cases, a new project would not be enhanced by using JAAS.

Spring Security based on ACEGI and ACEGI vs JAAS was covered: https://coderanch.com/t/134325/Security/ACEGI-JAAS
 
Geeta Puttappanavar
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tim McGuire wrote:JAAS is one of the authentication providers that Spring can use. Note that JAAS works at a lower level than web-application. It has hooks (if that is the right term) into the application server and operating system. Spring Security works in the application layer. It has its own authentication API that is very good and does not need to use JAAS. Often an existing JAAS provider is used when Spring security is implemented. In most cases, a new project would not be enhanced by using JAAS.

Spring Security based on ACEGI and ACEGI vs JAAS was covered: https://coderanch.com/t/134325/Security/ACEGI-JAAS




Thanks alot for the response Tim. As of now I am implementing Spring Security.

Can you please help me to write customized UserDetailsService.

1. I should implement UserDetailsService by some separate service class or by Dao class to give implementation for loadUserByUsername method?
2. In loadUserByUsername() method we provide only the user name and where to provide password?
ex in below code I am not providing the password.


How the spring comes to know about the credentials?
Request you to explain with ex.


Regards,
Geeta
 
Amateurs built google. Professionals built the titanic. We can't find the guy that built this tiny ad:
Free, earth friendly heat - from the CodeRanch trailboss
https://www.kickstarter.com/projects/paulwheaton/free-heat
reply
    Bookmark Topic Watch Topic
  • New Topic