Implementation of Authentication and Authorization Based on JAAS and J2EE Web Container

To implement the authentication and authorization in a Web application based on Browser/Server model. JAAS and J2EE Web Container's security realm, combining with Oracle's self authentication, are used to authenticate and authorize users who want to access the Web application. The resources that a user can access are limited at Web page level and the security issue considered in development phase is moved to deployment. The business logic and rights management are isolated so that programmers are no need to write codes in each page to examine whether the user have rights to access it. The results show that using Java Authentication and Authorization Service (JAAS) can enhance the entire system's development efficiency and the security mechanism provided by Web Container can work with the database's security realm well.