O'Reilly logo

Java Security, 2nd Edition by Scott Oaks

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

JAAS Overview

JAAS provides a framework based on a pluggable architecture. Like the engines we looked at earlier, JAAS provides a set of abstract classes, and at runtime each program finds the appropriate provider of the necessary class. However, the pluggable architecture is not built into the standard security framework, so we will refrain from referring to the major JAAS classes as engines.

A JAAS-enabled application works like this:

  1. The program asks the user to log in, obtaining a user login object.

    Programmatically, this is a simple operation, involving the instantiation of a LoginContext object and the invocation of a single method on that object. What happens when that method is invoked can be quite complex and is determined by a system administrator.

    The system administrator is responsible for setting up a file that contains one or more directives indicating what happens when a particular application attempts to log in a user. These directives take the form of login modules that are called to authenticate the user and a series of options that govern how those classes can be used. The classes themselves typically interact with the operating system, using system calls to authenticate the user via Solaris’ NIS or NIS+, the Windows NT login service, an LDAP server, or whatever other authentication system is available on the platform.

    The system administrator also determines the parameters of the authentication. For example, the user may be required to enter a valid Solaris password. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required