JAAS Notes

Java Authentication and Authorization Service, or JAAS, pronounced “Jazz”

Configuration files for JAAS

  • *.login.conf (e.g. form login)
  • *.policy (which identity grant which permission)
LoginModule (interface)
LoginContext (Class)
  • Kick off authentication process by creating a subject (if no subject passed to it will create a new one)
  • e.g. user, resource, system, …
  • Face of subject
  • subject 1..* principal
  1. Create instance of LoginContext e.g. LoginContext(string, callBackHandler) [string the name, callBackHandler used for passing information back to LoginModule]
  2. CallBackHandler (->Handle Method ->Transfers required information to LoginModule)
    empty subject created before authentication begin
    passed to all LoginModuels
    if authentication successful, populated with principals and credentials
    then subject can be get from getSubject in LoginContext
Login Process (Two Passes)
  • Phase 1
LoginMethod each loginModule login
  • Phase 2
commit method of all login modules invokes
login if successful -> commit methods of all login modules invoked -> then attaching principals and credentials

Leave a Reply

Your email address will not be published. Required fields are marked *