Re: [jBoss-Dev] jaas

[Oleg Nitz]

Hi Wim,

On Saturday 27 January 2001 23:15, Wim De Clercq wrote:
> I am trying to understand how JAAS is used in JBoss. Is it correct
> that only JAAS authentication is supported (just like in WL Server
> 6.0)? 
Use of JAAS is optional. You may implement RealmMapping and 
EJBSecurityManager interfaces directly.
These interfaces form the basic layer of JBossSecurity, JBoss JAAS 
stuff forms a layer over it, providing additional services. 

> Code executed by the server does never seem to run with the
> permissions of the Subject (with doAs). 
Correct.

> Would it not make sense to use JAAS authorization? 
> (I read in the Connector Architecture spec that it is not required.)
For me it makes sense, JAAS authentication provides standard API, 
which is better than a proprietary API just because it is standard. 
Do you think that JAAS shouldn't be used if JAAS authorization is not 
needed?

Oleg