
How do big Java applications implement security (authentication/authorization)?

 
raminaa niilian
Ranch Hand
Posts: 551
Hi
Thank you for reading my post
I am looking to find out how big Java applications (client (Swing/web), server (EJB, web services, ...)) manage security-related concerns.

Do they use container-managed security, which is usually defined in XML files, or do they use a method like:

-users table
-role table
-role-details table
-users_role table?

In the role-details table they define which pages each can access, or which operations each can perform on which table...?

Do they use JAAS for authorization?


Thanks
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
I have seen quite a few applications using the J2EE authentication and authorization features, which are in turn implemented by the server vendor.

And I have seen a few applications which use JAAS for this purpose.
In my opinion JAAS is more portable across application servers. You need minimal support from the server. Whereas in the case of J2EE's security features you are closely linked with the application server and vendor procedure.

I have not had many opportunities to work with really huge enterprise systems, but in one such system I found that authorization and authentication are completely taken care of by the domain application, though it uses JAAS LoginModules for performing the authentication request to the domain application.
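
The arrangement described in the post above, a JAAS LoginModule that hands the credentials to the application's own user/role store, sketched as an added example that is not code from either poster. `DomainLoginModule`, `DomainAuth`, `rolesFor` and `RolePrincipal` are hypothetical names; only the `javax.security.auth` types are the real JAAS API.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class DomainLoginModule implements LoginModule {
    /** Hypothetical stand-in for the domain application; returns null when credentials are rejected. */
    public interface DomainAuth { Set<String> rolesFor(String user, char[] password); }
    public static volatile DomainAuth domainAuth; // assumption: set once at application start-up
    public record RolePrincipal(String name) implements Principal { public String getName() { return name; } } // Java 16+

    private Subject subject;
    private CallbackHandler handler;
    private final Set<Principal> pending = new HashSet<>();

    @Override public void initialize(Subject subject, CallbackHandler handler,
                                     Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject; this.handler = handler;
    }

    @Override public boolean login() throws LoginException {
        DomainAuth svc = domainAuth;
        if (svc == null || handler == null) throw new LoginException("login module not configured");
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot collect credentials: " + e.getMessage());
        }
        char[] pw = pass.getPassword(); // copy of the callback's internal buffer
        pass.clearPassword();
        try {
            Set<String> roles = (name.getName() == null || pw == null) ? null : svc.rolesFor(name.getName(), pw);
            if (roles == null) throw new FailedLoginException("authentication failed"); // same message for unknown user and bad password
            pending.add(new RolePrincipal("user:" + name.getName()));
            roles.forEach(r -> pending.add(new RolePrincipal("role:" + r))); // rows from a users_role style table
            return true;
        } finally {
            if (pw != null) Arrays.fill(pw, '\0'); // do not leave the password in memory
        }
    }

    @Override public boolean commit() { subject.getPrincipals().addAll(pending); return !pending.isEmpty(); }
    @Override public boolean abort()  { pending.clear(); return true; }
    @Override public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); return true; }
}
```

After a successful `LoginContext.login()`, an authorization check is a lookup on the returned `Subject`, for example `subject.getPrincipals().contains(new DomainLoginModule.RolePrincipal("role:admin"))`.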
 