Skip to main content


Posted by editor on February 6, 2007 at 8:18 AM PST

Lightening JAAS couplings

Returning to a topic he's covered before, Denis Pilipchuk is looking at the Java Authentication and Authorization Service (JAAS) in the context of Service Oriented Architectures (SOA's). In today's, he shows how to turn JAAS into something of an authentication and authorization service, and in so doing overcomes some of the limitations he brought up in his previous article, namely that JAAS expects the applications it serves to be in the same JVM, and, implicitly, that it only works with Java applications.

As a result, many of today's real world enterprise systems avoid JAAS authorization altogether and embed security logic right into the application code. This logic controls access to application-specific resources in a way that is not available via permission-based Java policies. Unfortunately, hardcoded security logic has many inherent pitfalls, such as lacking deployment and runtime flexibility, presenting a maintenance nightmare, being inconsistent across multiple applications, and so on. More advanced applications, while still using JAAS for authentication, delegate all authorization decisions to external entitlements systems.

If you've already committed to JAAS for your application, but need to move to a more heterogeneous service model, what do you do?
Denis' Feature Article, Adapting JAAS to SOA Environments: SOA Security Service shows how to use JAAS in the context of a web service, using SOAP messages to interact with the JAAS system.

New releases dominate the Java Today section today, starting with the
the Substance look-and-feel project, which has just released version 3.2. As noted by Kirill Grouchnikov in his blog, the new version includes two new dark skins (Challenger Deep and Emerald Dusk), a new SubstanceDefaultLookAndFeel, scrollbars with overlay effects and grip handles, rollover effects on table editors, a new version of Xoetrope color wheel panel, and more.

The Sun Java Wireless Toolkit 2.5 for CLDC has just been released for Windows-based CLDC developers. As Tomas Brandalik notes in his blog, new features include support for the Mobile Service Architecture (MSA), Scalable Vector Graphics (SVG), a payment API, JSR-238 mobile internationalization, and Session Initiation Protocol (SIP).

After several years of development, version 1.0 of the Lightweight Java Game Library has been released. "The Lightweight Java Game Library (LWJGL) is a solution aimed directly at professional and amateur Java programmers alike to enable commercial quality games to be written in Java. LWJGL provides developers access to high performance crossplatform libraries such as OpenGL (Open Graphics Library) and OpenAL (Open Audio Library) allowing for state of the art 3D games and 3D sound. Additionally LWJGL provides access to controllers such as Gamepads, Steering wheel and Joysticks. All in a simple and straight forward API." This release supports Linux, Mac OS X, and Windows, and more information about the release is available in a LWJGL 1.0 Released forum thread.

David Herron returns to the Weblogs, with some thinking-out-loud about

An open quality team:
"It's been awhile since I last blogged here, I apologize for being so quiet but I've had quite a lot of things to think about. I want to kick off regular blogging with one of those things ... namely what would a quality team look like in the open source world. "

Evan Summers continues his long-running series in
Bound Gooey Beans:
"In the Gooey Beans Info prequel, we expose explicit property objects. Now we allow a bean info instance to be bound to a specific bean, in order to support bound properties ie. firing PropertyChangeEvent's. Ps."

Inderjeet Singh wonders
Can GroupThink result in poor decision making in strong open-source communities?
"GroupThink is a behavior pattern that results in inferior decision making by a group of smart people when the cohesiveness of the group is too high. In this blog, I describe GroupThink and explore its application to open-source projects."

In today's Forums,
cyclid would like to cancel timer after server restart:
"I create a couple of timers. while the application server is up i can cancel them by getting the TimerService object of the bean it's associated with, calling getTimers() and cancelling the Timer objects returned from it. If i restart the server (let's say it crashed), the timers created in the previous session are back to run - they are persistent by definition. but now i can't cancel them anymore: same getTimers() returns an empty Collection. i think this happens because the old timers from the previous session were not created by new TimerService associated with newly created beans. My question is: how can i cancel timers that were re-invoked after server restart."

evanx has some further
Feedback about the new orange animation:
"I think this orange animation is supremely classy, but I agree that the "visit us at" at the end spoils it, visually and viscerally"

Did we mention the WTK 2.5 CLDC is Windows-only? bardubitzki has a request in
Re: Sun Java Wireless Toolkit 2.5 for CLDC final release available for down: "I just hope we will see a release for Linux pretty soon too."

Finally, terrencebarr repeats a recent contest announcement in
Contest launched: Get Creative. Get Noticed. Win a PS3!:
"Announcing the Java Mobile Application Video Contest: Create a video to tell everyone in your own words about a new mobile application or service that was created using the Java ME Platform or open source phoneME project . Be it an application or service you saw or one that you created yourself - besides your chance at fame and glory, you can win great prizes such as a Sony Playstation 3, a Sony Ericsson K800 phone, or a Panasonic Blu-Ray DVD Player - just for submitting a short video telling the world what's cool about Java ME."

Current and upcoming Java

Registered users can submit event listings for the href=""> Events Page using our href="">events submission form.
All submissions go through an editorial review before being posted to the

Archives and Subscriptions: This blog is delivered weekdays as
the Java
Today RSS feed
. Also, once this page is no longer featured as the
front page of it will be
archived along with other past issues in the href=""> Archive.

Lightening JAAS couplings