ABSTRACT :
Java
security technology originally focused on creating a safe environment
in which to run potentially untrusted code downloaded from the public
network.
With the latest release of the java platform, fine grained access
controls can be placed upon critical ressources with regard to the
identity of the running applets and applications, which are distinguished
by where the code came from and who signed it.
However, the java platform still lacks the means to enforce access
controls based on the identity of the user who runs the code.
Java Authentification and Authorization Service (JAAS), a framework
and programming
Interface that augments the java platform with both user-based authentication
and access control capabilities.
Authentification of users, to reliably and securely detremine who
is currently executing Java code.
Authorization of users, to ensure they have the access control rights
required to do the actions performed.
|