开发者

"Spring Security" and "Java Authentication and Authorization Service(jaas)"

I'm so new to Spring and Spring security , we have an extended java application (not web application) and trying to use spring as a framework. I've read a little about jaas and have made a simple jaas security framework for my application (not a perfect one).

now , as we want to merge to Spring framework , I have some questions:

  1. Does "Spring Security" based on "jaas" or it can use jaas as an optional provider which can be replaced by something exactly different?

  2. Does "Spring Security" has the ability to manage multiple parallel users in a single application? (particularly for authorization)

  3. I've found that you should have lots of work to convert basic jaas api to a useful api (using DB, user/group management classes,...), what about "Spring Security"? (seems in jaas-Provider we have a l开发者_运维百科ot's of useful implementations)

  4. do you know any sample code using "Spring Security" for a swing application?

thanks a lot for your time


  1. Spring Security is not based on JAAS. Indeed, it can use JAAS as an optional provider.
  2. Yes, it does. I'm not sure to fully understand your question, as if it couldn't, it would be pointless.
  3. Building a JAAS provider is indeed a lot of work. Developing a Spring Security authentication provider is much much simpler.
  4. You'll find a good sample here


Spring Security integrates quite nicely with JAAS .

Parallel users are all individually managed, both in terms of authentication as well as authorization, and includes a variety of constructs to configure authorization, from taglibs to pointcuts and annotations.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜