Since 2001, when the Java Authentication and Authorization Service (JAAS) was
formally included in the Java 2 Platform Enterprise Edition (J2EE) 1.3
platform specification, the J2EE community has been grappling with the issue
of JAAS/J2EE integration. On the surface, JAAS seems to be an excellent
complement to J2EE: JAAS defines a pluggable Application Programming
Interface (API) for authentication modules and a fine-grained Subject-based
authorization model, which are both lacking in the existing J2EE security
model. Since JAAS is officially part of the J2EE platform specification, it's
not unreasonable to expect that you can now leverage the JAAS framework to
build portable enterprise applications that have advanced authentication and
authorization requirements. Unfortunately, any Java architects or developers
who go down this path for their applications will soon be c...
Introduced in 1995, Java has firmly established itself as a mature mainstream
programming language for enterprises. The Java platform security model has
evolved over the years to meet new requirements, and today enterprise Java
developers have a large number of APIs and services to choose from to fulfill
their security needs.
Originally touted as a secure runtime environment for downloadable
executables (applets), Java platform security received a lot of attention
early on and the rather inflexible security model was quickly identified as a
weakness in the system. With the Java ...