In this article, Frank Teti shows us how to architect for RBAC within an environment centered on J2EE using a TAI.
J2EE security is still all about application-bound authorization and authentication not perimeter security. However, in a highly distributed J2EE architecture, the evolving Java 2 Security “Sandbox Model”, including Java Authentication and Authorization Service (JAAS) 1.0 plus vendor extensions is essentially a ubiquitous, enterprise-wide security model.
The power of JAAS is in its ability to use almost any underlying security system, such as, the local operating system, LDAP, RACF or Oblix NetPoint. Increasingly, one of the more popular alternatives is to use a Trust Association Interceptor (TAI). A TAI provides support to J2EE resources for role-based access and user-based single sign-on and is becoming one of the more popular alternatives.
Read "The Power of JAAS: Security System Alternatives"
Wednesday, October 19, 2005
Article: The Power of JAAS: Security System Alternatives
Posted by: Regina Lynch on October 18, 2005 @ 11:40 AM
Subscribe to:
Post Comments (Atom)
1 comment:
Hi,
you should have a look towards jGuard which enable easy JAAS/RBAC integration in j2ee environments .
sincerly yours,
Charles(jGuard team).
Post a Comment