Using a Java Authentication and Authorization Service (JAAS) login module for authentication and authorization is a great way to separate the authentication layer from the rest of the application. Some pros of using JAAS are:
a) Layering improves performance.
b) Failover is handled seamlessly using JAAS login module chaining.
c) Multiple stores can be used, such as LDAP, a database, or a properties file.
d) Having the authentication and authorization happen in one step reduces the burden on the developer.
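The failover behaviour from point (b), as an added example that is not from the original post: two chained entries flagged `sufficient`, where the first store is unreachable and the second authenticates the user. `StoreModule`, its `store` and `down` options and the alice/s3cret credentials are constructed for illustration; it assumes Java 9+ on an OpenJDK-based runtime (for `Map.of` and `com.sun.security.auth.UserPrincipal`).

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import com.sun.security.auth.UserPrincipal;

public class JaasChainDemo {
    // Hypothetical module standing in for any store (LDAP, database, properties file).
    public static class StoreModule implements LoginModule {
        private Subject subject; private CallbackHandler handler;
        private Map<String, ?> opts; private UserPrincipal principal;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) {
            subject = s; handler = h; opts = o;
        }
        public boolean login() throws LoginException {
            if ("true".equals(opts.get("down"))) throw new LoginException(opts.get("store") + " unreachable");
            NameCallback name = new NameCallback("user: ");
            PasswordCallback pass = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] {name, pass}); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            // Constructed check; a real module would query its store here.
            boolean ok = "alice".equals(name.getName()) && Arrays.equals("s3cret".toCharArray(), pass.getPassword());
            pass.clearPassword();
            if (!ok) throw new FailedLoginException("bad credentials");
            principal = new UserPrincipal(opts.get("store") + ":" + name.getName());
            return true;
        }
        // Returning false tells LoginContext to ignore a module that did not authenticate.
        public boolean commit() { if (principal != null) subject.getPrincipals().add(principal); return principal != null; }
        public boolean abort() { principal = null; return true; }
        public boolean logout() { subject.getPrincipals().removeIf(p -> p == principal); principal = null; return true; }
    }
    static AppConfigurationEntry entry(String store, boolean down) {
        return new AppConfigurationEntry(StoreModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
                Map.of("store", store, "down", String.valueOf(down)));
    }
    public static void main(String[] args) throws LoginException {
        Configuration chain = new Configuration() { // same as a two-entry JAAS config file, primary first
            public AppConfigurationEntry[] getAppConfigurationEntry(String app) {
                return new AppConfigurationEntry[] { entry("ldap", true), entry("properties", false) };
            }
        };
        CallbackHandler creds = cbs -> { // constructed credentials, in the order StoreModule asks for them
            ((NameCallback) cbs[0]).setName("alice");
            ((PasswordCallback) cbs[1]).setPassword("s3cret".toCharArray());
        };
        LoginContext lc = new LoginContext("demo", new Subject(), creds, chain);
        lc.login(); // the "ldap" entry throws, the "properties" entry authenticates
        System.out.println(lc.getSubject().getPrincipals());
    }
}
```

Because every entry is `sufficient`, the fallback store alone decides the outcome whenever the primary is unreachable, so it needs the same protection as the primary.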
Some of the cons of using JAAS are:
a) In web applications, accessing the HttpSession object from a custom JAAS login module can be a hassle.
b) Propagation of the JAAS authentication Subject to other layers is not easy.
c) Having the authorization in JAAS can be restrictive for applications where multiple sections of the application require separate authorization.