Wednesday, October 19, 2005

Article: The Power of JAAS: Security System Alternatives

Posted by: Regina Lynch on October 18, 2005 @ 11:40 AM

In this article, Frank Teti shows us how to architect for RBAC within an environment centered on J2EE using a TAI.

J2EE security is still all about application-bound authorization and authentication not perimeter security. However, in a highly distributed J2EE architecture, the evolving Java 2 Security “Sandbox Model”, including Java Authentication and Authorization Service (JAAS) 1.0 plus vendor extensions is essentially a ubiquitous, enterprise-wide security model.

The power of JAAS is in its ability to use almost any underlying security system, such as, the local operating system, LDAP, RACF or Oblix NetPoint. Increasingly, one of the more popular alternatives is to use a Trust Association Interceptor (TAI). A TAI provides support to J2EE resources for role-based access and user-based single sign-on and is becoming one of the more popular alternatives.

Read "The Power of JAAS: Security System Alternatives"


1 comment:

Anonymous said...

Hi,
you should have a look towards jGuard which enable easy JAAS/RBAC integration in j2ee environments .
sincerly yours,

Charles(jGuard team).