| View: | [ 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 ] |
| Articles |
- The Power of JAAS: Security System Alternatives by Frank Teti - [Clicks: 233]
The article did not discuss, in detail, alternatives to using LDAP directly for Java Authentication and Authorization Service (JAAS) security, such as a Trust Association, one of the more popular system alternatives. Essentially, the power of JAAS is in its ability to use almost any underlying security system. One of those approaches is to use a Trust Association Interceptor (TAI) instead of direct LDAP access.
http://www.theserverside.com/articles/article.tss?l=JAASAlternatives - Oct, 2005 - JAAS and the HTTP Session Life Cycle by Rajesh Shah - [Clicks: 289]
The J2EE security framework supports a transparent login process -- even handling expired HTTP sessions with ease. Sometimes, however, you want to know that the user's session has expired. In this article, Rajesh Shah explores a small part of WebLogic Server's Security Framework in an attempt to capture this information.
http://dev2dev.bea.com/pub/a/2005/08/session_lifecycle.html - Aug, 2005 - Cross-Domain Single Sign-On Authentication with JAAS by Kyle Gabhart - [Clicks: 172]
Leverage your existing JAAS enterprise security system to provide SSO across multiple subsystems. Implementing this J2EE security model will take your security architecture to the next level.
http://www.devx.com/security/Article/28849 - Aug, 2005 - Declarative J2EE authentication and authorization with JAAS by Frank Nimphius, Duncan Mills - [Clicks: 362]
This whitepaper explains how to use Oracle JDeveloper to configure declarative J2EE security for web applications. Further it describes using Oracle JDeveloper to deploy secure J2EE web application to an OC4J instance that is setup for custom JAAS LoginModule authentication. The JAAS LoginModules provided as an example perform three different types of database authentication and authorization: based on a physical database schema, based on user and role tables and based on a stored database procedure that returns a Ref Cursor. The LoginModules are tested with OC4J 10.1.2, Oracle JDeveloper 10.1.2 and the Oracle 10g database. An Apache Ant script is provided to help you configuring the JAAS LoginModules and the related demo SQL scripts. All LoginModules, except the two that use container specific data-sources, can also be used with J2SE Swing applications.
[Includes source code]
http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm - Jul, 2005 - Audit Your Struts Configuration Files to Avoid JAAS Errors by Doug Tillman - [Clicks: 166]
By programmatically comparing your Struts configuration files against your JAAS policy file, you can simplify the process of keeping the files synchronized, and automatically get advance warnings if your pages aren't accessible.
[Includes source code]
http://www.devx.com/opensource/Article/27200 - Feb, 2005
