Jump to content

Talk:Java Authentication and Authorization Service

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by ZeroOne (talk | contribs) at 22:50, 15 February 2010 (importance=low). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
WikiProject iconJava Stub‑class Low‑importance
WikiProject iconThis article is within the scope of WikiProject Java, a collaborative effort to improve the coverage of Java on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.JavaWikipedia:WikiProject JavaTemplate:WikiProject JavaJava
StubThis article has been rated as Stub-class on Wikipedia's content assessment scale.
LowThis article has been rated as Low-importance on the project's importance scale.
WikiProject iconComputing Stub‑class Low‑importance
WikiProject iconThis article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing
StubThis article has been rated as Stub-class on Wikipedia's content assessment scale.
LowThis article has been rated as Low-importance on the project's importance scale.

My first impression of JAAS is that it is rather complex. Wouldn't it suffice to have 3 components:

  • a client,
  • a server session and
  • a server authorisation

The client communicates with the server authorisation module, which updates the client's role in the server session. The client's role is checked before any method is called. Could anyone explain why JAAS needs 7 modules and 15 communication messages instead of only 3 modules and 3 communication messages in my approach? — Preceding unsigned comment added by 81.246.190.66 (talk)


JAAS's callback handling is complicated, but that's the price of flexibility. Also, the components of JAAS are siilar to your list:
  • the client application
  • the common library that reads config files and routes to authentication modules
  • the authentication modules
And the messages could be characterized as:
  • login-start
  • callback-query
  • callback-response
  • login-commit
  • logout
So I don't see how you can say it's complex. It has about the same complexity of PAM, but JAAS looks a lot better specified. I don't understand the negativity that many people hold against JAAS. DLeonard (talk) 16:24, 21 January 2010 (UTC)[reply]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Java_Authentication_and_Authorization_Service&oldid=344293429"