We are implementing security for our J2EE application for both the EJB and Web App layers using WebLogic 7.0 Application Server. We can provide security for the Web App layer by using Form/Digest Authentication. We can provide authorization by declaration, without writing a single line of Java code, by adding XML tags in the web.xml and weblogic.xml deployment descriptors.
I read about the use of JAAS in J2EE security. How well does a JAAS security implementation fit into the J2EE Web App layer? Should we use JAAS only for CORBA / RMI clients that access the EJB layer? Is it common practice to use JAAS security for J2EE security in the Web App layer?
I think Form/Digest Authentication will be used for a basic level of security, whereas JAAS will be used for customized and tighter security. Appreciate any comments, suggestions or links.
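For reference, the declarative setup the question describes, as an added example that is not part of the original post. The role name `admin`, the `/admin/*` URL pattern, the JSP page paths and the `AppAdmins` group are assumptions chosen for illustration.

```xml
<!-- WEB-INF/web.xml (Servlet 2.3) fragment: container-enforced
     authorization with FORM login, no Java code involved -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>AdminPages</web-resource-name>  <!-- assumed name -->
    <url-pattern>/admin/*</url-pattern>                <!-- assumed path -->
    <!-- No http-method elements are listed, so the constraint applies
         to every HTTP method rather than only to GET and POST. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Require TLS so form credentials are not sent in the clear. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- The login page posts j_username and j_password
         to the container's j_security_check action. -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>admin</role-name>
</security-role>

<!-- WEB-INF/weblogic.xml fragment: map the logical role declared above
     to a user or group defined in the WebLogic security realm -->
<weblogic-web-app>
  <security-role-assignment>
    <role-name>admin</role-name>
    <principal-name>AppAdmins</principal-name>  <!-- assumed group -->
  </security-role-assignment>
</weblogic-web-app>
```

The two fragments belong in separate descriptor files; each is shown without its DOCTYPE and the unrelated elements of the real descriptor.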