Geek Answers Handbook

"Spring Security" and "Java Authentication and Authorization Service (jaas)"

I'm so new to Spring and Spring security, we have an extended Java application (not a web application) and are trying to use Spring as a framework. I read a little about jaas and created a simple jaas security system for my application (not perfect).

Now, since we want to integrate with the Spring framework, I have a few questions:

  • Is there "Spring Security" based on "jaas" or can it use jaas as an optional provider that can be replaced with something completely different?

  • Does Spring Security have the ability to manage multiple concurrent users in a single application? (especially for authorization)

  • I found that you need to work hard to convert the basic jaas api to a useful api (using DB, user / group management classes, ...), and what is "Spring Security"? (it seems that we have a lot of useful implementations in jaas-Provider)

  • Do you know any sample code using "Spring Security" for your swing application?

Thanks so much for your time.

+8
spring security authorization jaas
source share
2 answers
  • Spring Security is not based on JAAS. Indeed, he can use JAAS as an optional provider.
  • Yes Yes. I am not sure to fully understand your question, as if he could not, it would be pointless.
  • Building a JAAS provider is really a lot. Developing a Spring Security Authentication Provider is much simpler.
  • You will find a good example here.
+16
source share

Spring Security integrates perfectly with JAAS.

Parallel users are individually controlled both from the point of view of authentication and authorization and include many constructions for setting authorization, from taglibs to pointcuts and annotations.

+1
source share

More articles:


All Articles