![Close [x]](http://dw1.s81c.com/i/c.gif){kind=small}
About this tutorial
There is perhaps no software engineering topic of more timely importance than application security. Attacks are costly, whether the attack comes from inside or out, and some attacks can expose a software company to liability for damages. As computer (and especially Internet) technologies evolve, security attacks are becoming more sophisticated and frequent. Staying on top of the most up-to-date techniques and tools is one key to application security; the other is a solid foundation in proven technologies such as data encryption, authentication, and authorization.
In this two-part tutorial, we've been learning about the security features of the Java platform. Part 1 served as a beginner's introduction to Java cryptography. Here, in Part 2, we'll expand the discussion to encompass access control, which is managed in the Java platform by the Java Authentication and Authorization Service (JAAS).
This is an intermediate-level tutorial. It is assumed that you know how to read and write basic Java applications and applets. If you're already a Java programmer, and you've been curious about authentication and authorization technologies and the Java library that supports them, then this tutorial is for you.
We'll start with an introduction to the basic concepts of authentication and authorization, as well as an architectural overview of JAAS. Next, we'll use a JAAS sample application to take your understanding of JAAS from theory to practice, both by breaking down the components of the application and by viewing the final execution result. As part of this exercise, we'll study a variety of JAAS configuration options that will help further cement the concepts you've learned.
JAAS is a complex technology, rich in function and features. We'll take it in slowly, in bite-sized chunks, and it is recommended that you go over each new concept more than once. By the end of the tutorial you will have a good foundation for working with JAAS on your own.
You need not have taken Part 1 of this tutorial to understand Part 2.
Tools, code samples, and installation requirements
JAAS started out as an extension to the Java 2 platform, Standard Edition. Recently, however, it has been added to version 1.4. To complete this tutorial you will need the following:
-
JDK 1.4, Standard Edition
- The tutorial source code and classes, JavaSecurity2-source.jar, so that you can follow the examples as we go along.
- A browser that supports the Java 1.4 plug-in.
You can use JDK 1.3.x, but you must install the JCE and JSSE yourself.
Table of contents
Next steps from IBM
WebSphere Portal can help your small and midsize business achieve better website security, along with faster time to value with easily deployable and customizable example Web sites.
- Try: Download a free trial version of IBM WebSphere Portal Express V6.1, which offers collaboration, document management, and secure Web content management.
- Article: This article provides an overview of the WebSphere Portal security architecture, including internet security, and secure connections between clients.
- Tutorial: This tutorial take you through the steps to develop and test your first portlet WebSphere Portal Test Environment.
- Demo: These demos show Web 2.0 features available today within WebSphere Portal, as well as several features planned for the future.
- Buy: IBM WebSphere Portal Express
Tags
Use the slider bar to see more or fewer tags.
Popular tags shows the top tags for this particular content zone (for example, Java technology, Linux, WebSphere).
My tags shows your tags for this particular content zone (for example, Java technology, Linux, WebSphere).
Popular tutorial tags |
My tutorial tagsSkip to tags list
Popular tutorial tags |
My tutorial tags
