Limitations in J2EE 1.2 security model

While the J2EE 1.2 security model allowed a clear definition of roles and supported privilege-based access to application components, it did not provide a standard mechanism for verifying security privileges from applications. Thus, J2EE 1.2 applications without JAAS used external tools for:

  1. Managing the process of authentication and authorization of users.
  2. Managing users, user groups and role mapping on the application server at the system level.

Another limitation is the absence of smooth integration with the security management tools that are generally used.

For instance, integrating an LDAP server-based security model with the J2EE one would require a complete understanding and implementation of a custom security framework that integrates the J2EE server with the LDAP server's interfaces.