12.7. JAAS Login Configuration Files

As noted in Chapter 7, the Java Authentication and Authorization Service, initially an optional package and subsequently integrated into J2SDK 1.4, can be used for user authentication and authorization. JAAS authentication is performed in a pluggable fashion, so applications can remain independent from underlying authentication technologies. A system administrator determines the authentication technologies, or LoginModules, to be used for each application and configures them in a login configuration. The source of the configuration information, such as a file or a database, depends on the implementation of the javax.security.auth.login.Configuration class. The default implementation from Sun Microsystems ...

Get Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.