JAAS is not a security implementation. It is an API for interacting with security
implementations. Seam can interact with JAAS, but years of experience with JAAS has
proven that it is not a very effective API. It works ok for the most basic role-based
authorization, but it's too heavy and inflexible to be used directly for the type of
authorization tasks we were targeting.
Why did we just Drools? First, keep in mind that you only need to use Drools to implement
fine-grained permissions. If you just need simple roles, then you don't need to use
drools. A rule base makes sense to implement this type of thing. Everyone on the Seam
team knows and likes the Drools guys. Drools works well, and it plays nicely with JBPM,
which we also use. We'd always prefer to use standards-based technologies, but where
no useful standard exists, we have to pick something.
The good news is that Seam is a very flexible system. It should not be hard for someone
to implement support for another rules engine. If there as any interest in that from the
Seam community, I'm sure it will happen.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4097676#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...