Talk:Java Authentication and Authorization Service

My first impression of JAAS is that it is rather complex. Wouldn't it suffice to have 3 components:

  • a client,
  • a server session and
  • a server authorisation

The client communicates with the server authorisation module, which updates the client's role in the server session. The client's role is checked before any method is called. Could anyone explain why JAAS needs 7 modules and 15 communication messages instead of only 3 modules and 3 communication messages in my approach? —Preceding unsigned comment added by 81.246.190.66 (talkcontribs)


JAAS's callback handling is complicated, but that's the price of flexibility. Also, the components of JAAS are similar to your list:
  • the client application
  • the common library that reads config files and routes to authentication modules
  • the authentication modules
And the messages could be characterized as:
  • login-start
  • callback-query
  • callback-response
  • login-commit
  • logout
So I don't see how you can say it's complex. It has about the same complexity of PAM, but JAAS looks a lot better specified. I don't understand the negativity that many people hold against JAAS. DLeonard (talk) 16:24, 21 January 2010 (UTC)[reply]

Java code-based security?

[JAAS] is a Java security framework for user-centric security to augment the Java code-based security.

What is Java code-based security? Thanks, --Abdull (talk) 13:47, 17 February 2012 (UTC)[reply]

Content Disclaimer

Informasi ini disarikan dari Wikipedia dan disajikan kembali untuk tujuan edukasi. Konten tersedia di bawah lisensi CC BY-SA 3.0. Kami tidak bertanggung jawab atas ketidakakuratan data yang bersumber dari kontribusi publik tersebut.

  1. The information displayed on this website is sourced in part or in whole from Wikipedia and has been adapted for the purpose of restating it. We strive to provide accurate and relevant information, however:
  2. There is no guarantee of absolute accuracy. Wikipedia is an open, collaborative project that can be edited by anyone, so information is subject to change.
  3. It is not intended to constitute professional advice. The content displayed is for informational and educational purposes only. For important decisions (e.g., medical, legal, or financial), please consult a professional.
  4. Content copyright. Wikipedia is licensed under the Creative Commons Attribution-ShareAlike License (CC BY-SA). This means that content may be reused with appropriate attribution and shared under a similar license.
  5. Responsible use. Any risk arising from the use of information from this website is entirely the responsibility of the user.