Java Authentication and Authorization Service

from Wikipedia, the free encyclopedia

Java Authentication and Authorization Service (JAAS) is a Java API that lets Java programs provide services for authentication and access control. JAAS is modelled on Pluggable Authentication Modules (PAM) and thus supports user-based authorization. JAAS was delivered as an extension from version 1.3.1 of the Java Platform, Standard Edition, and has been part of the Java Platform since version 1.4 (both Standard Edition and Enterprise Edition). The associated interfaces and classes are defined in the "javax.security.auth" package.

Functionality

JAAS defines standard classes and a framework whose extension points are a set of interfaces, so that a Java program can authenticate users through a process- and vendor-neutral interface. The actual authentication logic is delegated to provider modules.

How a program using JAAS should authenticate users, and against which authentication data sources, is specified in a Java properties-style configuration file. The authentication method in use can therefore be changed after a program is complete, without modifying the program code.
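As an added illustration (not code from the article or the JDK), the following hypothetical login module and configuration entry show how the program, the configuration file and the provider module are separated; the class name, the configuration entry "Demo" and the in-memory credential table are all constructed for the example.

```java
// Added example, not from the article or the JDK: a minimal LoginModule plus the
// login configuration entry that selects it. All names are hypothetical.
// demo.conf (pass -Djava.security.auth.login.config=demo.conf to the JVM):
//   Demo { DemoLoginModule required; };
import java.io.IOException;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class DemoLoginModule implements LoginModule {
    // Constructed in-memory credential table; a real module would query LDAP, Kerberos, etc.
    private static final Map<String, char[]> USERS = Map.of("alice", "s3cret".toCharArray());
    private Subject subject;
    private CallbackHandler handler;
    private String user;
    private boolean ok;
    @Override public void initialize(Subject subject, CallbackHandler handler,
                                     Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }
    @Override public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });  // the application supplies the credentials
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException(e.toString());
        }
        char[] expected = USERS.get(nc.getName());
        ok = expected != null && Arrays.equals(expected, pc.getPassword());
        pc.clearPassword();                             // do not keep the secret in memory
        if (!ok) throw new FailedLoginException("bad credentials");
        user = nc.getName();
        return true;
    }
    // LoginContext calls commit() only if the whole module stack succeeded, abort() otherwise.
    // Principal has a single abstract method (getName), so a lambda can serve as one here.
    @Override public boolean commit() { if (ok) subject.getPrincipals().add(() -> user); return ok; }
    @Override public boolean abort() { ok = false; user = null; return true; }
    @Override public boolean logout() { subject.getPrincipals().clear(); ok = false; return true; }
    public static void main(String[] args) throws LoginException {
        CallbackHandler h = cbs -> { ((NameCallback) cbs[0]).setName("alice");
                                     ((PasswordCallback) cbs[1]).setPassword("s3cret".toCharArray()); };
        new LoginContext("Demo", h).login();   // "Demo" is the entry name in demo.conf
    }
}
```

The program only names the configuration entry; swapping "DemoLoginModule" in demo.conf for another module changes the authentication source without recompiling, which is exactly the property the next section discusses as a risk when users can edit that file.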

Use

Because the configuration file is easily changed and because of the basic structure of a Java program, any user with direct access to the class and property files of a JAAS program can easily exchange the provider modules in use and thereby circumvent the security restrictions the program provides. For this reason, JAAS has so far hardly established itself in two-tier applications, in which the application logic runs on the users' end devices.

The following provider modules are supplied with Java 1.4: Unix, NT LAN Manager, Kerberos. As of Java 6.0, an LDAP authentication provider is also included.

JAAS can be used safely in three-tier applications, in which the application logic runs on an application server out of users' reach. There, JAAS has also become the de facto market standard for authentication. This standard is further consolidated by the fact that all well-known vendors of Java application servers now ship several ready-to-use JAAS provider modules with their products, covering common authentication protocols (e.g. LDAP, SAML, PKI certificates, SQL databases).

A bridge module is required to connect to the PAM authentication modules common in the Unix environment; free implementations, among others, are available.

Web links