RE: [jBoss-Dev] jaas

[Wim De Clercq]

Oleg Nitz wrote
>...
> Do you think that JAAS shouldn't be used if JAAS authorization is not
> needed?
No, I think it should. Anyway a JAAS subject is also needed for the security
contract between the server and a resource adapter when using connectors.
IMHO it makes sense to use JAAS by default and as much as possible, i.e.
also for authorization. (BTW J2SE 1.4 will include the jaas package.)

Wim