JAAS Security

The Java Authentication and Authorization Service, as its name implies, consists of two main components: authentication and authorization components. The authentication is performed in a pluggable fashion because JAAS implements the standard Pluggable Authentication Module (PAM) framework, which is common on Unix platforms. This allows application code to be independent from the underlying security realm in the physical environment. Therefore, any new authentication mechanism can be plugged in as a module (similar to a driver) into the JAAS framework. Sample authentication mechanisms exist today for JNDI, Unix, and Windows NT.

After the user executing the code has been authenticated, the JAAS authorization component uses the access ...

Get Sams Teach Yourself EJB in 21 Days now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.