Just curious, as I am trying to get authentication/authorization done right myself...
If you only use it for authentication, then why don't you just use the security provided by J2EE? Bart. > -----Original Message----- > From: Ralph Goers [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 23, 2004 10:54 PM > To: [EMAIL PROTECTED] > Subject: Re: Authentication > > Sorry this is late. I've been on vacation. > > JAAS is just a framework, it doesn't actually do any authentication of its > own. The "advantage" you get with JAAS is that it supposedly allows you > to > integrate it with multiple applications. In practice this isn't so easy. > > I am using JAAS behind Cocoon's authentication framework, but I am not > using JAAS for authorization. I found that it didn't make a lot of > sense. Frankly, after doing it I'm not sure the authentication part does > either. > > Ralph > > At 9/20/2004 09:03 AM, you wrote: > >The cocoon authentication framework allows you to use an authenticator > >class. Why can't you just plug JAAS into this class and have the best of > >both worlds? > > > >Regards > >Jorg > > > >Jennifer Yip wrote: > >>Sorry guys - just came out of a long meeting on Security / > Authentication > >>and the question raised was: > >>Is J2EE or JAAS container managed security better than that found in the > >>cocoon (portal) authentication framework? > >>Any help appreciated before this meeting continues in the morning > >>Regards > >>JENNY
