Java security evolution and concepts, Part 4

Learn how optional packages extend and enhance Java security


    import java.security.PrivilegedAction;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;

    // Instantiate a login context; "name" selects an entry in the JAAS login
    // configuration, and callbackHandler (a CallbackHandler) gathers credentials
    LoginContext context = new LoginContext("name", callbackHandler);
    // Authenticate the subject; throws LoginException if a required module fails
    context.login();
    // Retrieve the authenticated subject, now populated with its Principals
    Subject subject = context.getSubject();
    // Enforce access controls: run action (a PrivilegedAction) as that subject
    Subject.doAs(subject, action);


To implement a new login module, follow these suggested steps:

  • Understand the authentication technology the module will wrap: what credentials it needs and how it verifies them
  • Name the LoginModule implementation; the fully qualified class name is what the login configuration refers to
  • Implement the LoginModule interface methods: initialize, login, commit, abort, and logout
  • Compile the LoginModule
  • Configure and test the LoginModule: add an entry to the login configuration and exercise it through a LoginContext
  • Document and package the LoginModule implementation
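A complete login module built along those steps, as an added example (not code from the JAAS kit or from this article): DemoLoginModule verifies a constructed test credential in login(), binds a DemoPrincipal to the Subject only in commit(), and undoes its work in abort() and logout(). The class and entry names (DemoLoginModule, DemoPrincipal, DemoLogin, demo.conf) are assumptions; the login configuration entry the module expects is shown in the header comment.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Assumed login configuration (file demo.conf, selected with
// -Djava.security.auth.login.config=demo.conf):
//   DemoLogin {
//       DemoLoginModule required;
//   };

/** Principal bound to the Subject when authentication commits. */
final class DemoPrincipal implements Principal {
    private final String name;
    DemoPrincipal(String name) { this.name = name; }
    public String getName() { return name; }
    @Override public boolean equals(Object o) { return o instanceof DemoPrincipal && ((DemoPrincipal) o).name.equals(name); }
    @Override public int hashCode() { return name.hashCode(); }
    @Override public String toString() { return "DemoPrincipal[" + name + "]"; }
}

/** Two-phase LoginModule: login() verifies credentials, commit() binds the Principal. */
public class DemoLoginModule implements LoginModule {
    // Constructed test credential; a real module would consult a user store.
    private static final String USER = "testUser";
    private static final char[] PASS = "testPassword".toCharArray();

    private Subject subject;
    private CallbackHandler handler;
    private boolean loginSucceeded;   // outcome of phase 1
    private DemoPrincipal principal;  // what commit() added, so logout() can remove it

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }

    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler available");
        NameCallback nc = new NameCallback("username: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback failed: " + e.getMessage());
        }
        char[] given = pc.getPassword() == null ? new char[0] : pc.getPassword();
        pc.clearPassword();
        boolean ok = USER.equals(nc.getName()) && constantTimeEquals(given, PASS);
        Arrays.fill(given, '\0');                 // do not leave the password in memory
        if (!ok) throw new FailedLoginException("bad username or password");
        loginSucceeded = true;
        return true;
    }

    public boolean commit() throws LoginException {
        if (!loginSucceeded) return false;        // this module is ignored; others may have succeeded
        principal = new DemoPrincipal(USER);
        subject.getPrincipals().add(principal);   // IllegalStateException if the Subject is read-only
        return true;
    }

    public boolean abort() throws LoginException {
        loginSucceeded = false;                   // overall login failed: discard phase-1 state
        principal = null;
        return true;
    }

    public boolean logout() throws LoginException {
        if (principal != null) subject.getPrincipals().remove(principal);
        loginSucceeded = false;
        principal = null;
        return true;
    }

    /** Compares every position so timing does not reveal the first mismatching character. */
    private static boolean constantTimeEquals(char[] a, char[] b) {
        int diff = a.length ^ b.length;
        for (int i = 0; i < a.length && i < b.length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    /** Drives the module through a LoginContext with a scripted CallbackHandler. */
    public static void main(String[] args) throws LoginException {
        CallbackHandler scripted = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName("testUser");
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword("testPassword".toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext ctx = new LoginContext("DemoLogin", scripted);
        ctx.login();                              // runs login() then commit() on every configured module
        System.out.println("authenticated principals: " + ctx.getSubject().getPrincipals());
        ctx.logout();
    }
}
```

The two-phase split matters as soon as the configuration lists several modules: login() only decides whether this module's credentials verify, and the LoginContext calls commit() or abort() on every module once the overall outcome is known, so a module whose login() succeeded while a required sibling failed must be able to back out. Compile with javac DemoLoginModule.java and run with java -Djava.security.auth.login.config=demo.conf DemoLoginModule.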


JAAS example program

The JAAS 1.0 kit includes a sample program, which we discuss here without reproducing its code. To run the sample, refer to the policy files, command lines, and other material shipped with the kit.

The sample program first instantiates a LoginContext. The LoginContext consults the login configuration, which in this example names a single module, SampleLoginModule. The SampleLoginModule is loaded to perform the authentication and prompts for a username and password. If the user enters "testUser" as the username and "testPassword" as the password, the SampleLoginModule associates a SamplePrincipal named "testUser" with the current Subject; the program then executes the SampleAction as that Subject by calling Subject.doAs.

The SampleAction, a privileged action, attempts to read two system properties (java.home and user.home) and to access the file foo.txt in the current working directory. Under a security manager, these accesses succeed only if the policy grants the corresponding PropertyPermission and FilePermission to code running as the SamplePrincipal "testUser"; any other user is denied. This is the authorization half of JAAS: access decisions that depend on who the authenticated user is, not only on where the code came from.
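The authorization step of the sample, as an added example (not the kit's SampleAction or this article's code): a PrivilegedExceptionAction reads the same two properties and foo.txt, and Subject.doAs runs it once as a Subject carrying the principal the policy names and once as a different one. The policy in the header comment, the file name demo.policy and the class name PrincipalAuthzDemo are assumptions; the standard javax.security.auth.x500.X500Principal stands in for the sample's SamplePrincipal so that no custom Principal class is needed. Policy enforcement requires a SecurityManager, which JDK 17 deprecated and JDK 24 disabled permanently, so the principal-based denial is only observable on JDKs that still support it; Subject.doAs itself has been deprecated since JDK 18 in favour of Subject.callAs.

```java
import java.io.FileReader;
import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

// Assumed policy file demo.policy, applied with
//   java -Djava.security.manager -Djava.security.policy=demo.policy PrincipalAuthzDemo
//
//   grant {
//       // the caller needs this to invoke Subject.doAs at all
//       permission javax.security.auth.AuthPermission "doAs";
//   };
//   grant principal javax.security.auth.x500.X500Principal "CN=testUser" {
//       permission java.util.PropertyPermission "java.home", "read";
//       permission java.util.PropertyPermission "user.home", "read";
//       permission java.io.FilePermission "foo.txt", "read";
//   };

public class PrincipalAuthzDemo {

    /** Same accesses as the kit's SampleAction: two properties and a file in the working directory. */
    static final class ReadResourcesAction implements PrivilegedExceptionAction<String> {
        public String run() throws IOException {
            String javaHome = System.getProperty("java.home");  // PropertyPermission check
            String userHome = System.getProperty("user.home");
            try (FileReader r = new FileReader("foo.txt")) {     // FilePermission check
                int first = r.read();
                return "java.home=" + javaHome + ", user.home=" + userHome
                        + ", foo.txt starts with " + (first < 0 ? "<empty>" : "'" + (char) first + "'");
            }
        }
    }

    /** Stands in for LoginContext.getSubject(): a read-only Subject holding one X500Principal. */
    static Subject subjectFor(String user) {
        Set<Principal> principals = Collections.<Principal>singleton(new X500Principal("CN=" + user));
        return new Subject(true, principals, Collections.emptySet(), Collections.emptySet());
    }

    /** Runs the action as the given user and reports success, policy denial, or an I/O failure. */
    static String runAs(String user) {
        try {
            return "ok: " + Subject.doAs(subjectFor(user), new ReadResourcesAction());
        } catch (PrivilegedActionException e) {
            return "failed: " + e.getException();   // checked exception from run(), e.g. foo.txt missing
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();     // AccessControlException: the policy did not grant it
        }
    }

    public static void main(String[] args) {
        System.out.println("as testUser  -> " + runAs("testUser"));
        System.out.println("as otherUser -> " + runAs("otherUser"));
        if (System.getSecurityManager() == null) {
            System.out.println("no SecurityManager installed: both calls succeed because the policy is never consulted");
        }
    }
}
```

With the security manager active, the first call succeeds (given a readable foo.txt) and the second is denied on the very first System.getProperty, because the grant is keyed on the principal in the Subject rather than on the code's origin; the same class file, run as "otherUser", gets nothing. Note the separate AuthPermission "doAs" grant: without it the caller cannot even enter the doAs block.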

Java Cryptography Extension (JCE)

As we saw in the previous section, JAAS supplements Java core security with a framework for user-based authentication and authorization. Along the same lines, JCE enhances core security by adding support for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. JCE supplements the algorithms already available in core Java security, such as digital signatures and one-way hash (message digest) functions. JCE extends the Java Cryptography Architecture (JCA), whose provider model lets an application use multiple Cryptographic Service Providers (CSPs) behind the same API, thereby promoting implementation independence, as seen in Figure 3. (JCE shipped as a separate optional package largely because of US export restrictions on strong cryptography at the time; since J2SE 1.4 it has been bundled with the platform.)
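A round trip through the four JCE services the paragraph names, as an added example (not code from the article or the JCE kit): KeyPairGenerator and KeyAgreement for an X25519 key agreement, Mac (HmacSHA256) used as an HKDF to derive an AES-256 key from the shared secret, and Cipher in AES/GCM mode for authenticated encryption, including the tamper check an unauthenticated mode would not give you. It targets the modern javax.crypto API bundled with the JDK (X25519 needs JDK 11 or later) rather than the JCE 1.2 optional package the article describes; the salt, info string and messages are constructed values, and the class name JceRoundTrip is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class JceRoundTrip {
    static final int GCM_NONCE_BYTES = 12;
    static final int GCM_TAG_BITS = 128;

    /** HKDF (RFC 5869) with HmacSHA256, first output block only: derives a 32-byte AES key from raw agreement output. */
    static SecretKey hkdfAes256(byte[] ikm, byte[] salt, byte[] info) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(salt, "HmacSHA256"));   // extract: PRK = HMAC(salt, IKM)
        byte[] prk = mac.doFinal(ikm);
        mac.init(new SecretKeySpec(prk, "HmacSHA256"));    // expand: T1 = HMAC(PRK, info || 0x01)
        mac.update(info);
        mac.update((byte) 1);
        return new SecretKeySpec(mac.doFinal(), "AES");
    }

    /** One side's contribution to the X25519 agreement. */
    static byte[] sharedSecret(KeyPair mine, PublicKey theirs) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(mine.getPrivate());
        ka.doPhase(theirs, true);
        return ka.generateSecret();
    }

    /** Runs both sides of the agreement and returns the two derived keys, which must be identical. */
    static SecretKey[] agreeKeys() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519");
        KeyPair alice = kpg.generateKeyPair();
        KeyPair bob = kpg.generateKeyPair();
        byte[] salt = new byte[32];                          // constructed fixed salt; use a fresh random one per session
        byte[] info = "demo aes-gcm key".getBytes(StandardCharsets.UTF_8);
        return new SecretKey[] { hkdfAes256(sharedSecret(alice, bob.getPublic()), salt, info),
                                 hkdfAes256(sharedSecret(bob, alice.getPublic()), salt, info) };
    }

    /** AES-GCM seal: output is nonce || ciphertext || tag. */
    static byte[] seal(SecretKey key, byte[] aad, byte[] plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[GCM_NONCE_BYTES];
        new SecureRandom().nextBytes(nonce);                 // never reuse a nonce under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        c.updateAAD(aad);
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    /** AES-GCM open; throws AEADBadTagException if nonce, ciphertext, tag or AAD were altered. */
    static byte[] open(SecretKey key, byte[] aad, byte[] sealed) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, sealed, 0, GCM_NONCE_BYTES));
        c.updateAAD(aad);
        return c.doFinal(sealed, GCM_NONCE_BYTES, sealed.length - GCM_NONCE_BYTES);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecretKey[] keys = agreeKeys();
        System.out.println("derived keys match: " + MessageDigest.isEqual(keys[0].getEncoded(), keys[1].getEncoded()));

        byte[] aad = "msg-id:42".getBytes(StandardCharsets.UTF_8);   // constructed header, authenticated but not encrypted
        byte[] sealed = seal(keys[0], aad, "attack at dawn".getBytes(StandardCharsets.UTF_8));
        System.out.println("opened by peer: " + new String(open(keys[1], aad, sealed), StandardCharsets.UTF_8));

        sealed[sealed.length - 1] ^= 0x01;                   // flip one bit of the tag
        try {
            open(keys[1], aad, sealed);
            System.out.println("BUG: tampered ciphertext accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("tamper detected: " + e.getClass().getSimpleName());
        }
        // Provider independence: the same getInstance() call binds to whichever installed CSP supplies the algorithm.
        System.out.println("Cipher provider: " + Cipher.getInstance("AES/GCM/NoPadding").getProvider().getName());
    }
}
```

Because every service is obtained through getInstance(), installing another CSP (a hardware security module's provider, for instance) changes which implementation runs without touching this code; the last line reports which provider the JDK selected. The HKDF step is there because raw agreement output is not uniformly random and should never be used directly as a cipher key.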
