Resources

Learn

• Read Part 1 of this tutorial series, "Crypto basics," also by Brad Rubin.
  
  
• See the Java Developer Connection for a complete listing of Java permissions.
  
  
• While not covered in this tutorial, the Java General Security Service (JGSS), new with JDK 1.4, provides a generic framework for securely exchanging messages between applications. A recently released whitepaper from Sun discusses how JAAS, JGSS, and Kerberos can be used to provide single sign-on application security.
  
  
• Sun also hosts several tutorials and user guides describing the different uses and procedures of JAAS and JGSS. One particularly good reference guide describes when to use JGSS versus JSEE.
  
  
• See Sun Microsystems's Java Security site to learn more about the most current Java security technologies.
  
  
• Joseph Sinclair offers a three-pronged solution for identifying users in the series "Securing systems" (developerWorks, June 2001).
  
  
• Once you've got the basics down, Carlos Fonseca will show you how to "Extend JAAS for class instance-level authorization" (developerWorks, April 2002).
  
  
• In "Enhance Java GSSAPI with a login interface using JAAS" Thomas Owusu provides some insight on credentials and secret keys (developerWorks, November 2001).
  
  
• For an overall discussion of Web security and Java technology, see Web Security, Privacy, and Commerce, 2nd Edition , by Simson Garfinkel and Gene Spafford, O'Reilly, 2002.
  
  
• If you want to focus more on Java security, see Professional Java Security , by Jess Garms and Daniel Somerfield, Wrox Press, 2001.
  
  
• Another great resource for learning about Java security is Java Security , by Scott Oaks, O'Reilly & Associates, 2001.
  
  
• Find out what everyone needs to know about security in order to survive and be competitive in Secrets and Lies: Digital Security in a Networked World (http://www.counterpane.com/sandl.html), by Bruce Schneier, 2000.
  
  
• If you want to focus on authentication technologies, see Authentication: From passwords to public keys , by Richard E. Smith, Addison-Wesley, 2002.
  
  
• The IBM Java Security Research page details various security projects in the works.
  
  
• Visit the Tivoli Developer domain for help in building and maintaining the security of your e-business.
  
  
• You'll find hundreds of articles about every aspect of Java programming in the developerWorks Java technology zone.
  
  
• See the developerWorks tutorials page for a complete listing of Java technology-related free tutorials from developerWorks.
  
  

Get products and technologies

• Download the complete source code and classes used in this tutorial, JavaSecurity2-source.jar.
  
  
• The Java 2 platform, Standard Edition is available from Sun Microsystems.
  
  

7 of 8 | Previous | Next

Comments

Back to top

Table of contents

• About this tutorial
• Conceptual overview
• Authentication in JAAS
• Authorization in JAAS
• JAAS example
• Wrap-up
• Resources
• About the author

---

7 of 8 | Previous | Next

Next steps from IBM

WebSphere Portal can help your small and midsize business achieve better website security, along with faster time to value with easily deployable and customizable example Web sites.

---

• Try: Download a free trial version of IBM WebSphere Portal Express V6.1, which offers collaboration, document management, and secure Web content management.
• Article: This article provides an overview of the WebSphere Portal security architecture, including internet security, and secure connections between clients.
• Tutorial: This tutorial take you through the steps to develop and test your first portlet WebSphere Portal Test Environment.
• Demo: These demos show Web 2.0 features available today within WebSphere Portal, as well as several features planned for the future.
• Buy: IBM WebSphere Portal Express

Dig deeper into Java on developerWorks

Discover knowledge paths

Skill-building guides for Java, Linux, open source, cloud, business analytics, and more.