Configuration —This is an abstract class for representing the configuration of LoginModules under an application. The javax.security.auth.login.Configuration specifies the LoginModules that should be used for a particular application and in what order the LoginModules should be invoked. This abstract class needs to be subclassed to provide an implementation that reads and loads the actual configuration object.
LoginModule —The javax.security.auth.LoginModule interface in the JAAS is a very useful interface that allows the developers to implement different kinds of authentication technologies that can be plugged in under an application. For instance, one type of LoginModule may perform a username/password pair-based authentication. Other LoginModules may interface to hardware devices such as biometric devices, smart cards, or other authenticating techniques.
CallbackHandler —During the execution of a business process, there might be a need for a LoginModule to communicate with the subject to obtain authentication information. In such cases, LoginModules use a javax.security.auth.callback.CallbackHandler for this purpose. Applications that implement the CallbackHandler interface pass it to the LoginContext object, which forwards it directly to the underlying LoginModules. A LoginModule essentially uses the CallbackHandler to gather input from different subjects (such as a password or PIN number of a smart card) or to supply information to subjects (such as status).
Callback —The javax.security.auth.callback interface and its several implementations are available as a part of callback package. LoginModules may pass an array of callbacks directly to the handle method of a CallbackHandler.
CallbackHandlers and callbacks let the LoginModule obtain all the necessary authentication information from a user or system for obtaining the credential information of the subject. The JAAS environment provides seven built-in callbacks in the javax.security.auth.callback package such as ChoiceCallback, ConfirmationCallback, LocaleCallback, NameCallback, PasswordCallback, TextInputCallback, and TextOutputCallback. Likewise, the JAAS environment provides two CallbackHandlers in the com.sun.security.auth.callback package, namely, DialogCallbackHandler and TextCallbackHandler. Based on the needs of the authentication scenarios of the Web application in question, the CallbackHandlers and callbacks are used for implementing the authentication process.
The process of authentication can now be best explained using Figure 7.5.
Any typical Web application uses LoginContext as its primary class for authenticating subjects. The LoginContext class loads the configuration information from a text file, which, in turn, tells the LoginContext which LoginModules to use during the authentication operation. LoginModule is the interface to specific authentication mechanisms. The new Java SE development kit ships with a set of ready-to-use LoginModules, including the following: JndiLoginModule, UnixLoginModule, Krb5LoginModule, and NTLoginModule.
JndiLoginModule —This module verifies against a directory service configured under Java Naming and Directory Interface (JNDI).
UnixLoginModule —This module uses the current user's underlying Unix operating environment's security information to authenticate.
Krb5LoginModule —This module authenticates using Kerberos protocols.