Summary

JAAS provides a set of specific implementations of authentication and authorization that can be changed without changing code. JAAS provides the ability to plug in different and stacked login modules to provide authentication mechanisms. Another important feature of the JAAS interface is the capability to use different interfaces for authentication and authorization.

An example is the LoginModule for Kerberos, which can use Kerberos keys and tickets for authentication while the authorization remains the same. To provide authentication, a subject is created that is used to further provide authorization. The authorization part of JAAS uses permissions, principals, and associated system resources to define how resources can be accessed. JAAS provides a common implementation and set of definitions when developing Java systems.

In the early networking days, it was very difficult for network engineers to communicate with each other about different protocols and extend an existing protocol because there was no common model that was protocol independent. The network OSI model was developed to supplement this type of communication. Chapter 21 mentions more on this subject, but the point is that a common model is needed to really make progress in a particular discipline in computer science. JAAS has created a common model for authentication and authorization in Java.