Advanced JAAS Topics

The simple example we’ve just shown is enough to get you started with JAAS, but now we’ll delve into some optional topics, including how callbacks are used to get information from the user, how to write your own login module, how to deal with permissions that can’t be put into a JAAS policy file, and how to use some advanced administration options.

JAAS Callbacks

Login modules such as those for Solaris and NT obtain all their information from the user environment. Other login modules aren’t so lucky: they must somehow prompt the user to enter relevant information (such as an ID and password). This is accomplished through the use of JAAS callbacks.

When you construct a login context, you have the option of providing it with an object that implements the CallbackHandler interface (javax.security.auth.callback.CallbackHandler). This object is sent to the login modules, and if they need information from the user, they use the handler object to obtain it. This in turn is accomplished by using one or more callback objects (javax.security.auth.callback.Callback), each of which asks for a certain piece of information (e.g., a password).

If you think your application might ever need to use a login module that requires callbacks, you should register the appropriate handler in your application. Implementing a CallbackHandler requires an object that provides this method:

public void handle(Callback[] cb)

Loop through the array of callbacks and provide the information desired ...

Get Java Security, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.