{"id":139,"date":"2012-10-21T03:16:40","date_gmt":"2012-10-21T03:16:40","guid":{"rendered":"http:\/\/softwareeveryday.wordpress.com\/?p=139"},"modified":"2014-04-27T20:52:19","modified_gmt":"2014-04-27T20:52:19","slug":"playing-with-jaas","status":"publish","type":"post","link":"https:\/\/www.softwareeverydayblog.com\/?p=139","title":{"rendered":"Playing with JAAS"},"content":{"rendered":"

Just playing with JAAS the other day. Basically its a general set of interfaces and classes (framework) provided by Java to perform authorization and authentication.<\/p>\n

    \n
  1. Here is the top level code used for authorization using JAAS.\n
    \r\npackage com.jassdemo;\r\n\r\nimport java.security.Principal;\r\nimport java.util.Set;\r\nimport javax.security.auth.Subject;\r\nimport javax.security.auth.login.LoginContext;\r\nimport javax.security.auth.login.LoginException;\r\nimport com.handler.DummyCallbackHandler;\r\n\r\npublic class JaasTest {\r\n\r\n\tpublic static void main(String args[]) {\r\n\t\tSystem.setProperty(\"java.security.auth.login.config\", \"jaas.config\");\t\/\/config file!\t\t\r\n\t\tLoginContext lc = null;\r\n\t\ttry {\r\n\t\t\tlc = new LoginContext(\"Example\", new DummyCallbackHandler(\"username\",\"password\"));\r\n\t\t\tlc.login();\t        \r\n\t\t\tSubject sub=lc.getSubject();\r\n\t\t\tSet principals=sub.getPrincipals();\r\n\t\t\tSet credentials=sub.getPublicCredentials();\t        \r\n\t\t\tSystem.out.println(principals);\r\n\t\t\tSystem.out.println(credentials);\r\n\t\t} catch (LoginException e) {\r\n\t\t\t\/\/ Authentication failed.\r\n\t\t\te.printStackTrace();\r\n\t\t}\t\t\r\n\t\t\/\/ Authentication successful, we can now continue.\r\n\t\t\/\/ We can use the returned Subject if we like.\r\n\t\tSubject sub = lc.getSubject();\t    \r\n\t}\r\n\r\n}\r\n<\/pre>\n<\/li>\n
  2. Create a jaas.config file that contains names of modules that are responsible for authentication. “Example” represents a set of LoginModules used to authenticate someone (called a Subject). jaas.config should be in the classpath. We use this name when creating a new LoginContext(String name, CallbackHandler callbackHandler)<\/a>.\n
    \r\nExample {\r\n  com.module.DummyLoginModule optional username=\"username\" password=\"password\";\r\n  com.module.AlwaysLoginModule required;\r\n};\r\n<\/pre>\n<\/li>\n
  3. Every source that you wish to authenticate\u00a0against\u00a0will have its own LoginModule. Your login module implements the\u00a0LoginModule interface.\u00a0You have some built in ones, make sure you check if any of them work for you. However, if you want to authenticate\u00a0against\u00a0some custom data source (webservice? DB? etc) you would need to create your own modules. In case of my example i have a\u00a0AlwaysLoginModule (which always logs in irrespective of username\/pass) and a\u00a0DummyLoginModule which authenticates\u00a0against\u00a0a hardcoded user\/pass.\n
    Here is a brief description of methods in a module.<\/p>\n