The Java Authentication and Authorization Services component is a key extension to the security model defined by the Java 2 platform. In the Java 2 security model, control of access to Java run-time objects is based solely on the location of the code and its signer. JAAS 1.0 extends this model by enabling access control based on authentication of the user for whom the code is being run and authentication of this user (often referred to as the principal ).
WAS V5 fully utilizes the JAAS functions to perform user authentication and access control to the servlet, JSP, EJB, and other resources within the application server. In addition, WAS V5 provides its own extensions to the JAAS function, primarily for providing role-based authorization of server resources.
