Silicon Valley Code Camp : October 3rd and 4th, 2009session
Security As A Service
About This Session
Java EE security has limitations (static within a deployed application, not granular, and Java EE roles are not hierarchical). Java Authentication and Authorization Service (JAAS) mitigates many of the Java security model drawbacks, but it doesn’t support security services such as single sign-on, audit, role mapping, etc. This presentation describes a standards-based security services framework that builds on JAAS and other Java standards, allowing Java programmers to weave security in their applications declaratively, independently from business logic.