JAAS risks

 
Surasak Leenapongpanit
Ranch Hand
Posts: 341
Hi,
Can anybody list out the risks associated with using JAAS?
Thanks.
 
Pankaj Kr
Author
Ranch Hand
Posts: 80
It is not clear whether you are asking for risks associated with (i) writing a LoginModule as per the JAAS specification; (ii) using a JAAS-based Login Module for an Authentication Server; or (iii) the JAAS mechanism of specifying specific authorizations in a policy file. As with any project, uses of any of these include risks.
One thing that I would like to mention is that JAAS-based authentication becomes fairly complicated in a client-server environment. (No wonder that Web Apps and EJB Apps do not use it directly -- most of it is hidden by the respective containers).
The file-based policy specification also has admin. and auditing problems -- but this is not an inherent limitation of JAAS. JAAS allows pluggable implementation of policy database and corresponding provider. For a production environment, one should use a good provider.
 