Re:J2EE security? should be just Java 2 security (Score 1)

Agreed about JAAS's absence, and I'll pass this book up for that specific reason. I can't think of any security implementation better poised to really benefit J2EE applications than JAAS. Yet its complexity and relative lack of documentation and tutorials involving the most common of scenarios is IMHO really holding it back. It isn't the fault of JAAS itself - granular security isn't child's play, but solid discussions about JAAS-based authentication and authorization implementations are few and far between.
Scott