This content has been marked as final.
Show 2 replies
-
1. Re: JAAS Subject and J2EE principal
starksm64 Mar 17, 2005 10:33 AM (in response to tcherel)Because J2EE has not actually defined how JAAS should be used. In general security is under-defined in J2EE. There is a jcp that is being considered for inclusion into j2ee 1.5 that is supposed to define how a container delegates authentication to a provider:
http://www.jcp.org/en/jsr/detail?id=196
Hopefully that will define how a Subject should be made available, provided that it makes it into j2ee 1.5. -
2. Re: JAAS Subject and J2EE principal
tcherel Mar 17, 2005 10:39 AM (in response to tcherel)
Thanks a lot for the answer Scott.
I am glad to see that my understanding was not totally wrong.
I did notice this JSR but as the spec is not available for download and the activity seems to be fairly low, I could not verified that this will be my answer.
I guess I will just have to wait and create custom principal for now...
Thomas