Useful links
Security General
- General information about the RBAC model
- Instance-level access control for business-to-business electronic commerce by R. Goodwin, S. F. Goh, and F. Y. Wu on IBM web site
- Architectural Patterns for Enabling Application Security by Joseph Yoder and Jeffrey Barcalow
- Access Control (aka Authorization) in Your J2EE Application By Jeff Williams
Authentication
- RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication
- RFC 2829: Authentication Methods for LDAP
- RFC 2797: Certificate Management Messages over CMS
- Overview of authentication methods in HTTP/HTTPS (in French) by Franck Davy
- Linux PAM FAQ
- PAM modules by Jennifer Vesperman on the O'Reilly Linux DevCenter
- Writing PAM modules, Part One by Jennifer Vesperman on the O'Reilly Linux DevCenter
- Linux PAM home Page
- Linux-PAM documentation
- Linux PAM modules available
- A Java RADIUS client
- certificate profile example
- Making Login Services Independent of Authentication Technologies by Vipin Samar, Charlie Lai
- JBoss Linux authentication
- RFC 2743: Generic Security Service Application Program Interface Version 2, Update 1
Authorization
Security in Java
- How to verify JAR integrity
- Propagating Security context over JMS in WebLogic
- JSR 160 Security
- Introduction to Securing Web Applications with JBoss and LDAP By Luc Russell
- Instance-level access control for business-to-business electronic commerce by R. Goodwin, S. F. Goh, and F. Y. Wu
JAAS related information
- JAAS official web site
- JAAS FAQ
- "All that JAAS: Scalable Java security with JAAS" article on JavaWorld
- "All that JAAS: Pluggable authentication and authorization services provide many key security benefits for Java applications" article on JAVAPro
- "J2EE security: Container versus custom" on JavaWorld
- "Using JAAS for Authorization and Authentication" by Dan Moore
- Open source login module implementations by Andy Armstrong
- When "java.policy" Just Isn't Good Enough by Ted Neward
- Extending JAAS by Guosheng Huang
- Extend JAAS for class instance-level authorization by Carlos A. Fonseca
- JAAS-related information dedicated to AS/400 systems: configuration, specific JAAS implementation...
- Implementing security using JAAS and Java GSS-API by Charlie Lai and Seema Malkani
- White paper entitled "User Authentication and Authorization in the Java(TM) Platform" by Charlie Lai, Li Gong, Larry Koved, Anthony Nadalin, and Roland Schemers
- JAAS Developer's Guide by Sun
- JAAS LoginModule Developer's Guide by Sun
- JAAS by Bruce A. Rich, Java Security Lead, IBM/Tivoli Systems
- Http Callback classes in SAP library
- JAAS-compliant authentication-provider using the shadow-password system of Linux. It might also work for other dialects of Unix.
- Java & J2EE Conventions, Guidelines and Best Practices document: JAAS rules
- Using JAAS and SPNEGO/Kerberos to single sign-on from fat Java clients
- JAAS presentation
- All that JAAS from AlBlue's weblog
- JAAS example on Tomcat
- Java authorization internals: A guided tour of the Java 2 platform and JAAS authorization architectures by Abhijit Belapurkar
- Urban code presentations
Java topics that may be of interest for jGuard
- Classworking toolkit: ASM classworking
- Programmatically Signing JAR Files by Raffi Krikorian
- instrumentation example (java.lang.instrument package)