dcsimg
Web Application Security by JAAS
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Amir_Pashazadeh
Posted On:   Sunday, October 26, 2003 12:47 PM

Hi We are working on an Office Automation project, it is a Java web-based application developed using Struts MVC framework. Is JAAS a suitable solution for applying security on such systems? I don't think there would be any need for other types of authentication but user name and password checking, isn't JAAS too complicated for such thing? And what about the authorization? I found only URL permission checking solutions, but they are not suitable, clients have access to links but they get permission errors clicking them. It would be much better to not have access to those links and they are invisible for that user, is there any solution or sample by JAAS for such task? In this syst   More>>

Hi


We are working on an Office Automation project, it is a Java web-based application developed using Struts MVC framework.


Is JAAS a suitable solution for applying security on such systems? I don't think there would be any need for other types of authentication but user name and password checking, isn't JAAS too complicated for such thing?


And what about the authorization? I found only URL permission checking solutions, but they are not suitable, clients have access to links but they get permission errors clicking them. It would be much better to not have access to those links and they are invisible for that user, is there any solution or sample by JAAS for such task?


In this system we want let Admin grant users dynamicaly and easily, is JAAS a good solution for such a thing?


Regards,
Amir Pashazadeh

   <<Less

Re: Web Application Security by JAAS

Posted By:   Christopher_Koenigsberg  
Posted On:   Monday, October 27, 2003 06:20 AM

I think you are asking some good questions. I don't have the answers but in fact I am interested in seeing what responses you get.


We haven't been able to use JAAS so far in our several web apps' authentication components, neither in the end user apps nor in the "admin modules", but I do keep thinking that we should keep an eye on it for the future.

About | Sitemap | Contact