Q&A
| Q1: | What is the main difference between the declarative and programmatic security approaches? |
| A1: | The declarative security approach is a container-managed approach in which security rules are configured outside application code, in the deployment descriptor. This helps make the application more portable and flexible. J2EE emphasizes the declarative approach because it reduces the cost of deploying enterprise applications. On the other hand, the programmatic approach is a component-managed approach in which EJBs, JSPs, and servlets maintain the security rules in the component's code. This is useful in applying business rules when the declarative approach is not adequate. |
| Q2: | What is the main purpose of the JAAS API? |
| A2: | The JAAS API extends the security architecture of standard Java with additional support to authenticate and enforce access controls upon users. JAAS enables developers to authenticate users and enforce access controls on those users in their applications. It simplifies application development by serving as a building block for developers. By abstracting the complex underlying authentication and authorization mechanisms, JAAS minimizes the risk of creating dangerous but subtle security vulnerabilities in application code. JAAS is considered the upcoming standard in securing Java applications. |
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.