Java authentication and authorization service
For authentication of users, to reliably and securely determine who is currently executing Java code, regardless of whether the code is running as an application, an applet, a bean, or a servlet.
For authorization of users to ensure they have the access control rights (permissions) required to do the actions performed.
JAAS implements a Java version of the standard Pluggable Authentication Module (PAM) framework. This plug ability permits applications to remain independent from underlying authentication technologies. New or updated authentication technologies can be plugged in without requiring modifications to the application. Applications enable the authentication process by instantiating a
LoginContext object, which in turn references a configuration to determine the authentication technology, or
LoginModule, that is to be used in performing the authentication. The
LoginModule interface provides developers the ability to implement different kinds of authentication technologies that can be plugged in an application.
For example, one type of
LoginModule might perform a username and password based form of authentication. Other
LoginModules might involve more sophisticated authentication mechanisms.
NSJ product includes
LoginModule interfaces implemented by Oracle, such as
JndiLoginModule and
KeyStoreLoginModule, but does not provide a
LoginModule that interfaces to the Safeguard subsystem on NonStop systems. You can also develop your own
LoginModule implementation.
For more information on writing a
LoginModule implementing an authentication technology, see
JAASLoginModule Developer's Guide
.