Why should I use JAAS against hand-written security?

2) Using a standard security mechanism like JAAS has many advantages.

2) Using a standard security mechanism like JAAS has many advantages: You can easily change the way user authenticates solely by configuring your server - without need to change anything inside your code. You can be sure your security is up-to-date, supporting strongest algorithms, storing Principal in a secure manner and so on. Again just by staying up-to-date with your server, framework etc.Having a hand-written security module is prone to errors and to be outdated soon.

You can leverage framework security - eg. Web. Xml security tags, EJB security annotations. Because JAAS is a standard way to authenticate, you can be sure adopting future technologies will be easier, because all serious technologies will support JAAS (Spring security etc. ).

If your software is planned to grow, you will definitely need a standard. It will save you time and effort. JAAS provides both authentication and authorization, neatly packed and configurable within minutes.

I recommend futher reading on J2EE security or you can find more resources in OWASP guides.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.