JAAS « Security « Java Articles

1.	Build Deploy
2.	Class
3.	Core Library
4.	Data Types
5.	Database JDBC
6.	Design
7.	Development
8.	File Input Output
9.	Graphics Desktop
10.	J2EE Enterprise
11.	J2ME Wireless
12.	JVM
13.	Language
14.	Library Product
15.	Network
16.	Security
17.	SOA Web Services
18.	Test
19.	Web Development
20.	XML

Java Articles » Security » JAAS

1. Using JAAS for Authorization & Authentication theserverside.com

This paper explains how to use the Java Authentication and Authorization API (JAAS). It plugs JAAS into the Struts framework. Though this paper focuses on Struts, and in particular the example application distributed with Struts, the lessons learned should be applicable to any MVC web framework.

2. The Power of JAAS: Security System Alternatives theserverside.com

However, the article did not discuss, in detail, alternatives to using LDAP directly for Java Authentication and Authorization Service (JAAS) security, such as a Trust Association, one of the more popular system alternatives. Essentially, the power of JAAS is in its ability to use almost any underlying security system. One of those approaches is to use a Trust Association Interceptor (TAI) instead of direct LDAP access.

3. How JAAS enables use of custom security repositories with J2EE applications theserverside.com

J2EE application servers that implement JAAS provide enterprise application developers with the standard Login Module API for tapping custom or legacy security systems from their applications. While application developers write to the LoginModule API (specifically, the LoginContext API), the application server implements the LoginModule interface.

4. Java Authentication and Authorization Service (JAAS)in Java 2, Standard Edition (J2SE) 1.4 java.sun.com

Traditional Java security mechanisms didn't provide the infrastructure required to support traditional authentication and authorization; security in J2SE is based on public key cryptography and code signing. In other words, authentication was based on the idea that code is executing in the JVM and not a principal making a request for a resource. And authorization was based on the notion that the code attempts to use a computing resource. The Java Authentication and Authorization Service (JAAS) was designed to address these shortcomings.

5. Enhance Java GSSAPI with a login interface using JAAS ibm.com

GSSAPI can be enhanced with the provision of a login interface by leveraging the login architecture of the Java Authentication and Authorization Service (JAAS). The JAAS login process is akin to the two-phase commit process used in transaction processing systems where participants prepare their transactions in the first phase and commit the transactions during the second phase only when all participants were successful in the first, prepare phase. They abort and rollback the transaction if one or more participants failed in the prepare phase.

6. Extend JAAS for class instance-level authorization ibm.com

Unfortunately, the Java Authentication and Authorization Service (JAAS), which is part of the Java 2 platform, does not allow for class instance-level access control or special relationships. In this article, we will extend the JAAS framework to include both. The driving motivation behind this extension is to allow us to separate access control into a generalized framework that uses policies based on ownership and special relationships. These policies may then be changed by an administrator over the lifespan of an application.

7. J2EE pathfinder: Java security with JAAS and JSSE ibm.com

Suffice it to say that with the introduction of the J2EE Web application security architecture, we're reaping the rewards of nearly 10 years of trial and error, and it shows. The J2EE security framework consists of three APIs: the Java Authentication and Authorization Service (JAAS), Java Secure Socket Extension (JSSE), and Java Cryptography (JCE). While JCE is an interesting and important API, it's not quite so central to our interests as the "big three" of secure Web application development: authentication, authorization, and transport. So in this month's column we'll focus on the JAAS and JSSE.