May 2001
Intermediate to advanced
618 pages
20h 50m
English
Content preview from Java Security, 2nd EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Advanced JAAS Topics
The simple example we’ve just shown is enough to get you started with JAAS, but now we’ll delve into some optional topics, including how callbacks are used to get information from the user, how to write your own login module, how to deal with permissions that can’t be put into a JAAS policy file, and how to use some advanced administration options.
JAAS Callbacks
Login modules such as those for Solaris and NT obtain all their information from the user environment. Other login modules aren’t so lucky: they must somehow prompt the user to enter relevant information (such as an ID and password). This is accomplished through the use of JAAS callbacks.
When you construct a login context, you have the option of providing
it with an object that implements the
CallbackHandler interface
(javax.security.auth.callback.CallbackHandler).
This object is sent to the login modules, and if they need
information from the user, they use the handler object to obtain it.
This in turn is accomplished by using one or more callback objects
(javax.security.auth.callback.Callback), each of
which asks for a certain piece of information (e.g., a password).
If you think your application might ever need to use a login module
that requires callbacks, you should register the appropriate handler
in your application. Implementing a
CallbackHandler requires an object that provides
this method:
- public void handle(Callback[] cb)
Loop through the array of callbacks and provide the information desired ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.