1 Reply Latest reply on Aug 10, 2004 9:18 AM by Scott Stark

    What's the point?

    rowson Newbie

      Hi, I suppose I'm missing a point somewhere, so please tell me.

      I just don't see in what way JAAS authentication can guarantee knowledge of a client stand-alone application user.

      Example: I'm writing a client application which connects to EJBs. I've used JAAS authentication to authenticate the user (let's say with NTLoginModule). This is on Windows XP.

      Now my point is, basically anyone who has access to a computer with this application (with their own account of course) can use the application simply by editing and changing the login-configuration file and the JAAS security policy file. Am I right?

      I must be missing a point here, or is JAAS authentication totally useless?

      Thanks

      Harvey