I’ve finally got around to reading “Java Security (2nd ed)” by Scott Oaks (and published by O’Reilly). Despite being based on java 1.3 (!) it is nicely written and still mostly relevant (despite the occasional reference to “floppy disks”). However the JAAS chapter is, in my opinion, not as clear as it could be. In fact, I don’t know of any good quick intros to JAAS (Java Authentication and Authorization) so you can find my attempt under JAAS Foundations.