How JAAS enables use of custom security repositories with J2EE applications
Java 2 security architecture uses a security policy to specify which access rights are granted to running code. This architecture is code-centric. The permissions are granted based on code characteristics including where the code is coming from, whether it is digitally signed, and by whom. Authorization of the Java Authentication and Authorization Service (JAAS) augments the existing code-centric access controls with new user-centric access controls. Permissions are granted based on what code is running and who is running it.
