jGuard is a java security framework based on JAAS. this framework is written for web applications, to resolve simply, access control problems.
- relies only on java 1.4 and j2ee 1.3 or higher
- can be adapted on any webapp, on any application server
- permit to a user to have more than one role simultaneously
- does not depend on a web framework, or an AOP framework
- build on top of the standard and very secure and flexible JAAS
- authentications and authorizations are handled by pluggable mechanisms
- handle authentication data stored in a database, an XML file, a JNDI datasource, an LDAP directory, Kerberos...
- changes take effects 'on the fly' (dynamic configuration)
- permissions, roles,and their associations can be created, updated,deleted on the fly through a webapp (an API is provided too)
- each webapp has its own authentications and authorizations configuration
- a taglib is provided to protect jsp fragment
- support security manager