This site contains the book I wrote sometime back about the Java Authentication and Authorization Service, or JAAS. The book could do with some copy-editing, and even some more content. Despite those short-comings, the book covers the basics of JAAS, and then quickly goes into how to write database backed versions of JAAS service classes such as Policy, Configuration, and LoginModule.
Over the years, the "static" nature of JAAS always bugged me, and I spent this book figuring out how to make JAAS more dynamic.
The chapters are currently available as PDFs:
- 01 - Introducing JAAS
- 02 - Two Quick Examples
- 03 - Authentication
- 04 - Database-backed Authentication
- 05 - Permisions and Access Control
- 06 - A Custom Policy
- 07 - Authentication Base Classes
- 08 - JAAS for Data Access Control
- 09 - JAAS in Web Applications
- 10 - Extending JAAS Integration in Web Applications