What Is JAAS?

  

Java Authentication and Authorization Service (JAAS) is a framework for providing authentication and authorization to runtime resources. JAAS provides an interface to pluggable authentication mechanisms, and a framework that requires users to have explicit permissions to perform runtime operations in an application.

Note  

JAAS uses a dynamic security policy to define permissions instead of placing the permissions in code.

These permissions normally identify the user, the permissions to the resource, and the name of the resource itself. For example, an application may have the user rich with the write permission to a resource called file1. In this example, rich has the right to execute a write to file1. Authentication is the ability to give a user access through the application, and authorization ensures that the user has access to resources. Users may be authenticated but not authorized until they try to access the resource. JAAS provides a two-step process, one for authentication and one for authorization.

Note  

All code and references have been made using the JDK 1.4 distribution.

When JAAS runs, it creates a subject that contains a principal, which represents a named user, and credentials that represent private and public keys. The subject, containing the principal and credentials, gets authentication and authorization based on the login modules and permissions. The authentication and authorization are based on the principal, and the credentials are proof of the identity of the principal. Basing the authentication and authorization on the principal is called principal-based access control, which is discussed in the next section.
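The principal-based check described above, as an added example that is not code from the book: a subject carrying the principal rich is tested against the write grant on file1, and any request the grant does not cover is denied. The class names PrincipalAccessDemo and ExamplePrincipal and the in-memory POLICY map are assumptions made for illustration; the map stands in for the dynamic policy, and the code uses current Java syntax rather than JDK 1.4.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;

public class PrincipalAccessDemo {
    // Hypothetical Principal implementation (assumption, not from the book).
    static final class ExamplePrincipal implements Principal {
        private final String name;
        ExamplePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Constructed stand-in for the dynamic policy: principal name -> permissions.
    // A policy file would express the same grant as:
    //   grant Principal ExamplePrincipal "rich" {
    //       permission java.io.FilePermission "file1", "write";
    //   };
    static final Map<String, Permissions> POLICY = new HashMap<>();

    // Step 2 (authorization): allow only if some principal of the subject
    // holds a permission that implies the request; otherwise deny.
    static boolean isAuthorized(Subject subject, Permission requested) {
        for (Principal p : subject.getPrincipals()) {
            Permissions granted = POLICY.get(p.getName());
            if (granted != null && granted.implies(requested)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Permissions richPerms = new Permissions();
        richPerms.add(new FilePermission("file1", "write"));
        POLICY.put("rich", richPerms);

        // Step 1 (authentication) is assumed to have succeeded already; a
        // login module would attach the principal to the subject at that point.
        Subject rich = new Subject();
        rich.getPrincipals().add(new ExamplePrincipal("rich"));
        Subject anonymous = new Subject(); // no principals attached

        System.out.println(isAuthorized(rich, new FilePermission("file1", "write")));
        System.out.println(isAuthorized(rich, new FilePermission("file1", "read")));
        System.out.println(isAuthorized(anonymous, new FilePermission("file1", "write")));
    }
}
```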

Cross-Reference  

For definitions of authentication and authorization, see Chapter 1.

  


Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
