Application Server Solutions for Microsoft IIS and ASP.NET
       solutions   products   partners   company   support   downloads         store
ServletExec Self-Help: FAQ
Back to Search >  Back to Search Results

Faq ID 91
Product ServletExec
Category Class Loading/Reloading
Question Why does my JAAS (Java Authentication and Authorization Service) code fail to run within a Web Application when it runs fine as a stand-alone Java Application?
Answer This FAQ was written back when SE 3.0 was the current version of SE. This was back in 2000/2001. The JAAS implementation that was available back then would attempt to explicitly use the System Classloader to load classes into the JVM. But ServletExec uses a single Custom Classloader for each Web Application to load classes from that Web Application into the JVM (which is mandated in section 4.6 of the Servlet 2.2 Specification). Because of this, any code (JAAS or otherwise) that runs in a web application cannot utilize the System Classloader successfully. So that's why folks had trouble running JAAS code inside a webapplication.
On 8.12.2005 (years later) a customer reported that their JAAS code ran fine in SE 5.0.
... JAAS seems not to be a problem anymore with SE 5.0. I have been able to configure JAAS and to test my application. It authenticates users using Windows 2000 Domain. Documents access authorization verification using java security also seems to work well.
That customer stated that they were using Sun's JVM 1.4.1_02 and the version of JAAS that comes with that JVM. They also stated that they had obtained the JAAS implementation from:
At the time this portion of this faq was written (Aug, 2005), the above link showed that the most recent version of JAAS was version 1.0.3 (released 2.17.2003).

company media information terms of use privacy policy contact us