These classes work in concert with each other - by default, the Identity class will use JAAS to authenticate the user, via SeamLoginModule (which is a standard JAAS login module). SeamLoginModule performs authentication by invoking a MethodExpression - i.e, the authenticate-method configured in Identity.
Usually "security" means two things:
- Authentication: Who are you, can you identify yourself and what are your roles/privileges?
- Authorization: An action/display requires a permission, do you have the right roles/privileges for that?
The authenticator does Authentication, the Identity component is responsible for Authorization.