
Java Enterprise in a Nutshell, Third Edition by William Crawford, Jim Farley


A Look at Java and J2EE Security Standards

J2EE security builds on the foundation of the Java security APIs. These APIs include application-level interfaces such as the Java Authentication and Authorization Service (JAAS) and the Java Authorization Contract for Containers (JACC), as well as lower-level APIs such as the Java Cryptography Extension (JCE), the Java Secure Socket Extension (JSSE), and the Java Generic Security Services (GSS) API. While the nuts and bolts of these standards are often hidden from the developer, it helps to understand what security pieces the standards provide, especially when you evaluate application servers or security providers.

Authentication and Authorization in Java Security

The core Java security model is based on .policy files that govern the allowed operations for specific pieces of code. These pieces of code are defined based on their packages and classes, where the code originated, and who (if anyone) signed the code. This level of security is often called code-level security, since you are authorizing chunks of code to do specific things rather than the users who are interacting with the code.

JAAS enhances the Java security model by providing user-level security. JAAS deals with authenticating users (referred to in JAAS as subjects) and authorizing them to run certain programs, applets, or jars based on a variety of criteria, all specified in the same .policy file used for code-level security. JAAS is a required element in both ...
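As an added illustration (not taken from the book), the policy file below puts the two kinds of grant side by side: code-level entries keyed on origin and signer, and a JAAS entry that also names a principal. Every path, host name, the keystore alias `acme-release` and the user `cn=Alice` are constructed assumptions.

```java
// Constructed sample .policy file. Policy syntax accepts Java-style comments.
// All paths, hosts, the alias "acme-release" and "cn=Alice" are assumptions.

// Keystore used to resolve signedBy aliases to signer certificates.
keystore "file:/opt/app/conf/trusted.jks", "JKS";

// Code-level, origin only: any code loaded from under /opt/app/lib
// ("/-" matches recursively) may read the configuration directory.
grant codeBase "file:/opt/app/lib/-" {
    permission java.io.FilePermission "/opt/app/conf/-", "read";
};

// Code-level, origin AND signer: only JARs and classes directly in
// /opt/app/plugins ("/*" is not recursive) that are signed by the
// "acme-release" key may open a connection to the database host.
grant signedBy "acme-release", codeBase "file:/opt/app/plugins/*" {
    permission java.net.SocketPermission "db.example.internal:5432", "connect";
};

// User-level (JAAS): the same code base gets write access to the reports
// directory only while it runs on behalf of an authenticated subject
// that carries this principal.
grant codeBase "file:/opt/app/lib/-", principal javax.security.auth.x500.X500Principal "cn=Alice" {
    permission java.io.FilePermission "/var/app/reports/-", "read,write";
};
```

The principal-based grant takes effect only for code invoked through `Subject.doAs` or `Subject.doAsPrivileged` after a JAAS login, and none of these entries are enforced unless a security manager is installed. The Security Manager was deprecated for removal in Java 17 and is permanently disabled as of JDK 24, so check the target runtime before relying on policy files.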
