Java Authentication and Authorization Service, or JAAS, pronounced “Jazz”
Configuration files for JAAS
- *.login.conf (e.g. form login)
- *.policy (which identity grant which permission)
LoginModule (interface)
LoginContext (Class)
- Kick off authentication process by creating a subject (if no subject passed to it will create a new one)
Subject
- e.g. user, resource, system, …
Principal
- Face of subject
- subject 1..* principal
——-
Passes
- Create instance of LoginContext e.g. LoginContext(string, callBackHandler) [string the name, callBackHandler used for passing information back to LoginModule]
- CallBackHandler (->Handle Method ->Transfers required information to LoginModule)
empty subject created before authentication begin
passed to all LoginModuels
if authentication successful, populated with principals and credentials
then subject can be get from getSubject in LoginContext
——-
Login Process (Two Passes)
- Phase 1
LoginMethod each loginModule login
- Phase 2
commit method of all login modules invokes
login if successful -> commit methods of all login modules invoked -> then attaching principals and credentials