Using JAAS involves the interaction of a number of classes and configuration files. The classes involved in using JAAS are not just the classes in the JAAS package, but include the Java SecurityManager and the AccessController, classes that are part of the Java security framework. In addition to these classes, entries in the security policy file, the Java security configuration file, and the JAAS configuration file may also be required.
The following example demonstrates the use of JAAS for both authentication and authorization. First, the user is authenticated using one of several LoginContext initializations. Following a successful login, authorization is tested by executing several privileged actions using the Subject class.