This content has been marked as final. Show 2 replies
A more enquiring mind would at leaast have wondered why it is called an Authentication and Authorization service, if all it does is return a single bit. I suggest you should do your research before deciding whether or not JAAS is useless instead of afterwards. JAAS login modules populate the Subject with Principals representing roles the user occupies, which in turn authorize him to use the corresponding parts of the application. It isn't as simple as a single bit indicating whether the user logged in or not.
Could you please name me good literature for JAAS.