
sun.com \| 1-800-123-4000	How To Buy \| My Sun \| Worldwide Sites

Home > Access1.sun.com > Code Samples

ACCESS1.SUN.COM
Code Samples

Access1.sun.com
»	SEARCH Access1
»	Contact Us
	Code Samples
»	Technical Articles
»	TechNotes
»	Tools
»	Tutorials
»	Sun Forum FAQ Sets
»	Support Readiness Documents

See Also:
»	Developer Support Services
»	Sun[tm] ONE Studio
»	Sun[tm] ONE Middleware Developer
»	Java Developer Connection[sm]
»	Solaris Developer Connection[sm]
»	SunSolve Online[sm]
»	Training

Part I: Java[tm] Authentication and Authorization Service (JAAS) Class Libraries and Methods

by Allen Lai
(May 2002)

We want to hear from you! Please send us your FEEDBACK.

The following code sample may contain actual software programs in source code form. This source code is made available for developers to use as needed, pursuant to the terms and conditions of this license.

SECTION A - Short Description/Synopsis

The Java[tm] Authentication and Authorization Service (JAAS) API is a Java[tm] software package that enables a Java language programmer to write services to authenticate users and to enforce access control on resources that the application provides. It is a Java programming language implementation of the Pluggable Authentication Module (PAM) framework for authenticating users; it implements a variety of authentication methods. These authentication methods can be a username/password combination, biometric identification, or other operating systems' login mechanisms - for example, the UNIX username/password authentication mechanism available in the Solaris[tm] Operating Environment (OE) or other UNIX operating systems. It is a 100% pure Java platform implementation. Therefore, it can be used on all operating systems that have the Java 2 platform ported to them.

This code sample illustrates the basic usage of the class libraries and methods of JAAS. Particularly for this article, which is Part I of a two-part series, we will look at the Authentication classes and methods to show an example of how one might use JAAS to authenticate a user. The core classes for the Authentication portion of JAAS are:

LoginContext

LoginModule

CallbackHandler

Callback

We will need to make a few assumptions for this article:

Assumption #1 - The LoginModule is implemented correctly and is configured properly for this Java application program.
Assumption #2 - A CallbackHandler is included by this Java application program but its implementation is left out as it is not the focus of this article.

SECTION B - Task and Skeleton code

I. Task List

1. Import the relevant Java 2 platform security and JAAS packages for performing Authentication.

2. Instantiate a LoginContext with the CallbackHandler that is specifically implemented for this application.

3. Check that the instantiated LoginContext consults the configuration files and loads all the LoginModules for this application.

4. Invoke the login method on the LoginContext. If the login fails, an exception will be caught and the application will exit.

If the login is successful, the Subject is retrieved using the getSubject method against the LoginContext.

5. Using the doAs method, invoke the actual application that is intended for execution using the Subject that was retrieved.

6. Exit the application with a System.exit method call.

ii. Skeleton Code

}

SECTION C - Solution Source

//import statements //----------------- //required by the Java 2 Principal package for serialization import java.io.*; //Java 2 interface to represent a Principal import java.security.Principal; //JAAS Authentication packages import javax.security.auth.*; import javax.security.auth.callback.*; import javax.security.auth.login.*; import javax.security.auth.spi.*; public class Authenticate { public static void main(String[] args) { //Instantiates a LoginContext. It consults the configurations to load all of the //LoginModules that is configured for this application. The assumption here is //that a CallBackhandler is required to obtain user input for the LoginModule to //authenticate. LoginContext logincontext = null; logincontext = new LoginContext("Aunthenticate", new ThisAppCallbackHandler()); try { //Using the login() method to begin the authentication process logincontext.login(); } catch (LoginException error) { System.out.println("The authentication was not successful due to " + error + " exception"); error.printStackTrace(); System.exit(-1); } //Get the authenticated Subject if the login is successful Subject subject = logincontext.getSubject(); //Executing the application ExecuteAuthApplication() as the authenticated Subject Subject.doAs(subject, new ExecuteAuthApplication()); //Exiting this authentication application after the ExecuteAuthAppilcation application has started System.exit(0); } class ThisAppCallbackHandler implements CallbackHandler { // The actual implementation of the CallbackHandler is not described as this not the focus of // this code sample article. A CallbackHandler is implemented if the LoginModule must communicate // the user for input as part of the authentication process. For example, if the LoginModule // requires a password or smartcard pin number from the user of this application. }

}

DOC ID #1198