JAAS provides a framework based on a pluggable architecture. Like the engines we looked at earlier, JAAS provides a set of abstract classes, and at runtime each program finds the appropriate provider of the necessary class. However, the pluggable architecture is not built into the standard security framework, so we will refrain from referring to the major JAAS classes as engines.
A JAAS-enabled application works like this:
The program asks the user to log in, obtaining a user login object.
Programmatically, this is a simple operation, involving the instantiation of a LoginContext object and the invocation of a single method on that object. What happens when that method is invoked can be quite complex and is determined by a system
The system administrator is responsible for setting up a file that contains one or more directives indicating what happens when a particular application attempts to log in a user. These directives take the form of login modules that are called to authenticate the user and a series of options that govern how those classes can be used. The classes themselves typically interact with the operating system, using system calls to authenticate the user via Solaris’ NIS or NIS+, the Windows NT login service, an LDAP server, or whatever other authentication system is available on the platform.
The system administrator also determines the parameters of the authentication. For example, the user may be required to enter a valid Solaris password. ...