Home arrow Java arrow Page 2 - JAAS, Securing J2EE Applications: Securing Web Components

JAAS, Securing J2EE Applications: Securing Web Components

Web applications must be developed with security in mind right from the start. Developers should plan for securing a web application with both the web server and the application server in mind. Securing a J2EE application can seem very complicated, however. This article, the first of two parts, explains how to secure J2EE web components.

Author Info:
By: A.P.Rajshekhar
Rating: 4 stars4 stars4 stars4 stars4 stars / 39
August 17, 2005
  1. · JAAS, Securing J2EE Applications: Securing Web Components
  2. · JAAS: What is it?
  3. · Subject, Principal and Credentials
  4. · Implementing the JAAS Security Module
  5. · 2. Write the CallBackHandler
  6. · 4. Configure the JAAS policy file
  7. · Using the JAAS Module to Secure the Web Component

print this article

JAAS, Securing J2EE Applications: Securing Web Components - JAAS: What is it?
(Page 2 of 7 )

Traditionally the security provided by Java (I will be using the term Java when referring to J2SE) provided code based security. In code based security, the signature of the code along with the origin of the code is verified. The privileges of the user running the code are never checked. Thus access control is never enforced. To overcome this limitation, the JAAS package was introduced. In the current version, JAAS is one of the core modules of the Java Development Kit. JAAS has two components: an authentication component, and an authorization component. 

The authentication component provides services to verify the credentials of the user who is trying to execute the code. The authorization component supplements the existing code security features by restricting the code from performing sensitive system tasks. This is done by enforcing the access control based on the authentication. The authorization module is able to provide this service to any type of code whether it is being executed from within an application, applet and servlet or for that matter EJB. Apart from the above, JAAS does its authentication and authorization in a pluggable fashion. These two features of JAAS makes it a "lucrative proposition" in its application of securing J2EE applications.

Why use JAAS?

In the context of J2EE, the answer to the above query lies in the following facts:

  • As already described, JAAS compliments the security features provided by Java.

  • It fits "hand-in-glove" with J2EE security. The integration of JAAS with J2EE is really very easy.

  • The authentication done by JAAS follows Pluggable Authentication Module design approach. This approach decouples Java from the underlying authentication technique. Variations in authentication techniques can be achieved without rewriting the code.

  • The pluggable nature of JAAS also ensures vendor neutrality.

blog comments powered by Disqus

- Java Too Insecure, Says Microsoft Researcher
- Google Beats Oracle in Java Ruling
- Deploying Multiple Java Applets as One
- Deploying Java Applets
- Understanding Deployment Frameworks
- Database Programming in Java Using JDBC
- Extension Interfaces and SAX
- Entities, Handlers and SAX
- Advanced SAX
- Conversions and Java Print Streams
- Formatters and Java Print Streams
- Java Print Streams
- Wildcards, Arrays, and Generics in Java
- Wildcards and Generic Methods in Java
- Finishing the Project: Java Web Development ...

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 

Developer Shed Affiliates


© 2003-2018 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials