Authentication is a login issue. Is this user allowed to use the application? Once you are in the application, it is possible that you have some restricted areas. For example, you only want "admin" to see/change other people's passwd.
Here comes authorization. With this feature, you associate rules and roles to the username. Hence, based on the username (the user), you decide if it's an "admin" privileged account or not. If it is, then you allow access to the "Admin" portion of your software.
Hope this helps.
- madhav
Take a Minute, Donate an Hour, Change a Life
http://www.ashanet.org/workanhour/2006/?r=Javaranch_ML&a=81
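
The split described in the post above, as an added example that is not part of the original post: `authenticate` answers "who is this?", and `is_authorized` answers "may this user do that?", with the password-change rule from the post enforced on every call. The class, method, role and user names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for this example


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class UserStore:
    """Hypothetical in-memory store; a real application would use a database."""

    def __init__(self):
        self._creds = {}  # username -> (salt, password hash)
        self._roles = {}  # username -> set of role names

    def add_user(self, username, password, roles=()):
        salt = os.urandom(16)
        self._creds[username] = (salt, _hash(password, salt))
        self._roles[username] = set(roles)

    def authenticate(self, username, password):
        """Authentication: return the username if the login is valid, else None."""
        # Unknown users still cost one hash, so timing does not reveal who exists.
        salt, stored = self._creds.get(username, (b"\0" * 16, b""))
        ok = hmac.compare_digest(_hash(password, salt), stored)
        return username if ok and username in self._creds else None

    def is_authorized(self, actor, action, target):
        """Authorization: may this already-authenticated user perform the action?"""
        if actor not in self._roles:
            return False
        if action == "change_password":
            # Users may change their own password; only "admin" may change others'.
            return actor == target or "admin" in self._roles[actor]
        return False  # deny by default: unknown actions are refused

    def change_password(self, actor, target, new_password):
        # Check authorization first, so a refused caller learns nothing about
        # whether the target account exists.
        if not self.is_authorized(actor, "change_password", target):
            raise PermissionError(f"{actor} may not change {target}'s password")
        if target not in self._creds:
            raise KeyError(target)
        salt = os.urandom(16)
        self._creds[target] = (salt, _hash(new_password, salt))
```

The `actor` passed to `change_password` must be the value returned by a successful `authenticate` call (for instance, kept in the server-side session), never a username taken from the request itself.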