

Posted by editor on February 6, 2007 at 8:18 AM PST

Lightening JAAS couplings

Returning to a topic he's covered before, Denis Pilipchuk is looking at the Java Authentication and Authorization Service (JAAS) in the context of Service Oriented Architectures (SOAs). In today's Feature Article, he shows how to turn JAAS into something of an authentication and authorization service, and in so doing overcomes some of the limitations he brought up in his previous article, namely that JAAS expects the applications it serves to be in the same JVM, and, implicitly, that it only works with Java applications.

As a result, many of today's real world enterprise systems avoid JAAS authorization altogether and embed security logic right into the application code. This logic controls access to application-specific resources in a way that is not available via permission-based Java policies. Unfortunately, hardcoded security logic has many inherent pitfalls, such as lacking deployment and runtime flexibility, presenting a maintenance nightmare, being inconsistent across multiple applications, and so on. More advanced applications, while still using JAAS for authentication, delegate all authorization decisions to external entitlements systems.

If you've already committed to JAAS for your application, but need to move to a more heterogeneous service model, what do you do?
Denis' Feature Article, Adapting JAAS to SOA Environments: SOA Security Service, shows how to use JAAS in the context of a web service, using SOAP messages to interact with the JAAS system.

New releases dominate the Java Today section today, starting with the Substance look-and-feel project, which has just released version 3.2. As noted by Kirill Grouchnikov in his blog, the new version includes two new dark skins (Challenger Deep and Emerald Dusk), a new SubstanceDefaultLookAndFeel, scrollbars with overlay effects and grip handles, rollover effects on table editors, a new version of the Xoetrope color wheel panel, and more.

The Sun Java Wireless Toolkit 2.5 for CLDC has just been released for Windows-based CLDC developers. As Tomas Brandalik notes in his blog, new features include support for the Mobile Service Architecture (MSA), Scalable Vector Graphics (SVG), a payment API, JSR-238 mobile internationalization, and Session Initiation Protocol (SIP).

After several years of development, version 1.0 of the Lightweight Java Game Library has been released. "The Lightweight Java Game Library (LWJGL) is a solution aimed directly at professional and amateur Java programmers alike to enable commercial quality games to be written in Java. LWJGL provides developers access to high performance crossplatform libraries such as OpenGL (Open Graphics Library) and OpenAL (Open Audio Library) allowing for state of the art 3D games and 3D sound. Additionally LWJGL provides access to controllers such as Gamepads, Steering wheel and Joysticks. All in a simple and straight forward API." This release supports Linux, Mac OS X, and Windows, and more information about the release is available in a LWJGL 1.0 Released forum thread.