JEE5 Security

Any new project or product that is used by more than 1 user and over any kind of network needs the “TripleA” AAA features: Authorization, Authentication, Auditing. That’s a must !

I am reading about the JEE5 Security features to outline a new design, or at least I try to find some comprehensive information about it. It seems one of the most important framework services is still being largely developed handmade according to the needs of specific project requirements and no generic solution is available (I think I need to rephrase this after some more investigation). I could  not find many books or online sources with samples or easy-digestible tutorials, just to share what I found so far. JAAS is part of JRE since version 1.4 and most of the information about is a bit old (2002).

SUN
SUN JAVA SE security (link) (link)
SUN JAAS Tutorial (link)

3rd Party Security Framework (based on JAAS)
JGuard on SourceForge.net (link)
ESAPI  on OWASP (link)

Books
Free JAAS Book (link)
Software Security Technologies (covering security in Java, C, Perl)


Software Security Technologies