Is it possible to use JAAS within an android app?
In the android API most of the classes of the javax.security.auth package are saying
Legacy security code; do not use.
But is there any replacement for user-centric JAAS on android? Or might it work if I manually deploy the jaas.jar?
JAAS doesn't really apply to Android. JAAS provides user-centric security to Java-based applications (who is the identity - usually a "user" such as an LDAP user id - that is "running" the application and are they allowed to do what they are trying to). In Android, user IDs are used differently in that each application runs with a different user ID in order to separate the applications from each other. As there are very different concepts of identity between a JAAS-enabled Java application and an Android application, the JAAS model doesn't reconcile well with the Android model, hence the warnings in the docs.
The quasi-equivalent in the Android world is the permissions model, which is explained in great detail in this book: http://shop.oreilly.com/product/0636920022596.do.