Does anyone have any examples how the Java Authentication
and Authorisation Service would work with servlets or EJBs?
I cannot work out how exactly to get the CallbackHandler passing information from the EJB or servlet.
Or am I barking up the wrong tree with JAAS and should I be looking at something else to authenticate my users?
You can use JAAS to authenticate and authorise any request to the App. Server. The problem is that not a single App. Server has implemented authorization part of JAAS. Weblogic 6.0 implements authentication. The way JAAS brings in pluggable login modules, its quite a clean security architecture.
OK thanks, I'll have a look at WebLogic6. Guess we'll have to wait a bit before this becomes implemented in the major app servers.