Have you wasted time writing lots of security-based code and ever wondered if there's a better way to add security to your application? Are you confused by declarative security? Have you read about JAAS (Java Authentication and Authorization Service) but wondered where it fits? Have you ever said, "Can I just see a working example"? If so, then this talk is for you.

If you're looking to restrict access to resources based on user roles, then J2EE declarative security is for you. You'll learn how to protect web pages and business logic without adding a single line of Java code to your business logic.
This presentation covers:

• J2EE Security Overview
• Web-based Security
• Protecting Access to Web-based Resources
• JAAS Overview
• Integrating JAAS with J2EE Security
• Configuring JAAS with JBoss and Tomcat
• Using Programmatic Security
• Integrating web-based security with business logic
  

We use Ant and XDoclet to deploy a simple J2EE-based web site using JSPs, Servlets, and EJBs. We will secure the application in an iterative style. We use JBoss as the reference implementation, but the core techniques shown here are applicable to any J2EE 1.4 application server.

Intended audience: Experienced Java/J2EE developers