Well it depends on your Architecture.Suppose you are using EJB.Then we don't need use JAAS,as we can use EJB security
Actually JAAS can be used as authentication technology for servlets. One important feature of JAAS is pure
Java implementation. The JAAS infrastructure is divided into two main components: an authentication component and an authorization component. The JAAS authentication component provides the ability to reliably and securely determine who is currently executing Java code, regardless of whether the code is running as an application, an
applet, a bean, or a servlet.
It's totally depends on Architecture to Architecture.I don't know much about JAAS,I have just done through this
Article Hope above helps !!
[ September 03, 2004: Message edited by: james edwin ]