Introduced in 1995, Java has firmly established itself as a mature mainstream
programming language for enterprises. The Java platform security model has
evolved over the years to meet new requirements, and today enterprise Java
developers have a large number of APIs and services to choose from to fulfill
their security needs.
Originally touted as a secure runtime environment for downloadable
executables (applets), Java platform security received a lot of attention
early on and the rather inflexible security model was quickly identified as a
weakness in the system. With the Java 2 Platform, Enterprise Edition (J2EE),
Sun revamped the Java platform security model and introduced a fine-grained,
flexible, and extensible security model for code-based security. This new
model has largely been a success but it was restricted to code-based
security. This makes sense for br... (more)
Since 2001 when Java Authentication and Authorization Service (JAAS) was
formally included in the Java 2 Platform Enterprise Edition (J2EE) 1.3
platform specification, the J2EE community has been grappling with the issue
of JAAS/J2EE integration. On the surface, JAAS seems to be an excellent
complement to J2EE: JAAS defines a pluggable Application Programming
Interface (API) for authentication modules and a fine-grained Subject-based
authorization model, which are both lacking in the existing J2EE security
model. Since JAAS is officially part of the J2EE platform specification, i... (more)
Raymond K. Ng has been a professional software developer for 15 years and has been involved in high-scale enterprise Java development since JDK 1.0. He currently serves as architect and development lead of Oracle Platform Security Services (OPSS) and serves on the JCP Expert Groups for JSR 115 (JACC) and JSR 196. Raymond is a Consulting Member of the Technical Staff at Oracle Corporation and is the holder of multiple patents.
Charles Araujo
Emily Jackson
Brendan Harding
