Thanks for the responses.
Still struggling to get a clear picture and the relationship between these technlogies (JAAS, Web app security).
Interestingly, the J2EE specification says
All EJB containers and all web containers must support the use of the JAAS APIs..
But there is nothing mentioned about JAAS in the security chapter(chapter 3) of the specification. In the
servlet 2.3 specifications JAAS is never mentioned.
The following links might be useful. I tried to get these things to work, yet no success.
http://sfg.sourceforge.net http://free.tagish.net/jaas/index.jsp In one of the Sun's forums I've read somebody has suggested to use LDAP/Kerberose/JNDI instead of messing with NT. I don't know exactly what he meant. Let me know if you find out anything.
Thanks.
------------------
Velmurugan Periasamy
Sun Certified Java Programmer
Sybase Certified EAServer Developer
----------------------
Study notes for Sun Java Certification
http://www.geocities.com/velmurugan_p/ [This message has been edited by Velmurugan Periasamy (edited September 25, 2001).]
[This message has been edited by Velmurugan Periasamy (edited September 25, 2001).]