Java Authentication and Authorization Service

Java Authentication and Authorization Service (JAAS) is a Java API that makes it possible to provide authentication and access-rights services in Java programs. JAAS is based on Pluggable Authentication Modules (PAM) and thus supports user-based authorization. JAAS has been delivered as an extension as of version 1.3.1 of the Java Platform, Standard Edition, and has been part of the Java Platform (both Standard Edition and Enterprise Edition) since version 1.4. The associated interfaces and classes are defined in the package "javax.security.auth".

Operation

JAAS defines a framework of standard classes and several predefined interfaces so that a Java program can authenticate users through a method- and vendor-neutral interface. The actual authentication logic is delegated to provider modules.

How a program that uses JAAS authenticates its users, and against which authentication data sources, is set in a Java properties configuration file. Thus, the authentication method used can be changed even after the program has been completed, without having to modify the program code.

Use

Because the configuration file is easy to modify and because of the basic structure of a Java program, any user with direct access to the class and property files of a JAAS program can very easily replace the provider modules used and thereby circumvent the program's intended security restrictions. For this reason, JAAS has so far hardly caught on in 2-tier applications, where the application logic runs on the user's own device.

With Java 1.4 the following provider modules are included: Unix, NT LAN Manager, Kerberos. Starting with Java 6.0 an LDAP Authentication provider is also included.

JAAS can be set up securely in 3-tier applications, where the application logic is moved to an application server out of the users' reach. There, JAAS is now a de facto market standard for authentication. This standard is further strengthened by the fact that the leading Java application server vendors now, as a rule, ship several ready-made JAAS provider modules with their application servers, covering common authentication protocols (such as LDAP, SAML, PKI certificates, SQL databases).

To connect to the standard Unix PAM authentication modules, a bridge module is needed, for which free implementations, among others, are available.
