To run our simple example, we must take several administrative steps; in fact, JAAS places a much bigger burden on the administrator than on the developer. The system administrator must configure a set of login modules that will be executed by the login context, write a set of JAAS policy files for the application, and ensure that the program environment is set up correctly to run the application.
The login context object is quite complex, despite its simple interface. It is built to support a set of pluggable, stackable login modules. A login module is the code that actually authenticates a user. Depending on the module, this may entail either interacting with the user (asking for a login name and password) or using existing information in the user’s environment to authenticate the user. A login module may succeed or fail in its attempt to authenticate a user.
Login modules are called pluggable because they are loaded dynamically. Instead of calling specific login modules in your code, the login context looks up the login configuration file to see which classes to call. This allows you to use login modules supplied by third parties.
Login modules are called stackable because you can specify more than one login module in the configuration file. These modules “stack” within the configuration file; they are called in order, and each one can add one or more principal objects to the current subject (i.e., the current user). This ...