"Spring Security" and "Java Authentication and Authorization Service(jaas)"

Question

I'm so new to Spring and Spring security , we have an extended java application (not web application) and trying to use spring as a framework. I've read a little about jaas and have made a simple jaas security framework for my application (not a perfect one).

now , as we want to merge to Spring framework , I have some questions:

1. Does "Spring Security" based on "jaas" or it can use jaas as an optional provider which can be replaced by something exactly different?

2. Does "Spring Security" has the ability to manage multiple parallel users in a single application? (particularly for authorization)

3. I've found that you should have lots of work to convert basic jaas api to a useful api (using DB, user/group management classes,...), what about "Spring Security"? (seems in jaas-Provider we have a lot's of useful implementations)

4. do you know any sample code using "Spring Security" for a swing application?

thanks a lot for your time

Answer 1

Spring Security integrates quite nicely with JAAS .

Parallel users are all individually managed, both in terms of authentication as well as authorization, and includes a variety of constructs to configure authorization, from taglibs to pointcuts and annotations.

Answer 2

1. Spring Security is not based on JAAS. Indeed, it can use JAAS as an optional provider.
2. Yes, it does. I'm not sure to fully understand your question, as if it couldn't, it would be pointless.
3. Building a JAAS provider is indeed a lot of work. Developing a Spring Security authentication provider is much much simpler.
4. You'll find a good sample here