Add security to applications by using JAAS

Java Authentication and Authorization Service (JAAS) provides the ability to implement the two things that any decent security system needs: authentication and authorization. See how JAAS may save you time and effort the next time you need to add security to your Java app.

Balancing openness and security is
complicated when you’re writing applications that users outside
your company’s normal network sandbox must be able to access or
that access resources needing security protection.

Many Java programmers create their own security
modules for their applications. Most of these modules are for a
specific application; then, when the next app comes along that
needs security, the programmer has to start all over again. Another
drawback of building your own security system for your application
is that, as the application becomes more complex, the security
requirements probably will too.

Java Authentication and Authorization
Service

You can avoid this problem (or at least
significantly reduce the impact of implementing security for your
application) by taking advantage of the Java Authentication and
Authorization Service (JAAS) API, which is in the standard Java
distribution.

JAAS provides the ability to implement the two
things that any decent security system needs: authentication and
authorization.

Authentication means verifying a user’s identity. There are ways to
achieve this by using different mechanisms, including certificates,
existing authentication schemes, databases, etc. The authentication
section of JAAS is pluggable, so you configure your application at
runtime to use the authentication module you desire.
The
authorization component of JAAS determines which resources an
authenticated user can access. This authorization scheme is based
on roles and principles.

Developers can use JAAS for standalone
applications, Web apps, EJBs, and pretty much any type of Java app
that you can create. The flexibility and openness of the API can
make it a bit difficult to understand at first. But if you’re using
an application server, it probably already has JAAS modules that
you can use to manage your application’s security.

The next time you need security in your
application, consider whether JAAS can save you time and effort. If
you’re already using a J2EE or servlet container, check out its
JAAS capabilities. Even though JAAS has a steep learning curve,
it’s also a very short one, and the benefits are definitely worth
the effort it takes to get started.

Delivered each Thursday, our free Java newsletter provides insight and hands-on tips you need to unlock the full potential of this programming language. Automatically sign up today!

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE These guidelines from TechRepublic Premium will help you define the necessary ingredients of a security policy and assist in its proper construction. They’re designed to work hand in hand with the subjective knowledge you have of your company, environment and employees. Using this information, your business can establish new policies or elaborate on those ...

PURPOSE Recruiting an Artificial Intelligence Architect with the right combination of technical expertise and experience will require a comprehensive screening process. This Hiring Kit from TechRepublic Premium provides an adjustable framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY ...

Add security to applications by using JAAS