Questions tagged [jaas]

JAAS is the Java Authentication and Authorization Service found in the JRE (1.4+).

The Java Authentication and Authorization Service (JAAS) is a Java security framework for user-centric security to augment the code-based security. Since JRE 1.4, JAAS has been integrated with the - previously JAAS was supplied as an extension library by Sun.

The main goal of JAAS is to separate the concerns of user authentication so that they may be managed independently. While the former authentication mechanism contained information about where the code originated from and who signed that code, JAAS adds a marker about who runs the code.

By extending the verification vectors, JAAS extends the security architecture for Java applications that require authentication and authorization modules.


937 questions
160 votes, 4 answers

Performing user authentication in Java EE / JSF using j_security_check

I'm wondering what the current approach is regarding user authentication for a web application making use of JSF 2.0 (and if any components do exist) and Java EE 6 core mechanisms (login/check permissions/logouts) with user information held in a JPA…
ngeek
86 votes, 6 answers

JAAS for human beings

I am having a hard time understanding JAAS. It all seems more complicated than it should be (especially the Sun tutorials). I need a simple tutorial or example on how to implement security (authentication + authorization) in java application based…
Dan
64 votes, 1 answer

How can I delegate JAAS authorization checks to Shiro?

I'm developing a server-side application that needs authentication and authorization based on objects. I like Shiro's simplicity, but for being compatible with JAAS, I wrote a LoginModule that uses Apache Shiro as the underlying mechanism. But my…
Deniz Acay
35 votes, 1 answer

Using Mockito, how do I intercept a callback object on a void method?

I'm using mockito to test a legacy JAAS/LDAP login module. The javax.security.auth.callback.CallbackHandler interface defines the function: void handle(javax.security.auth.callback.Callback[] callbacks) I'm expecting callbacks to contain a…
brasskazoo
30 votes, 1 answer

Kafka "Login module not specified in JAAS config"

I have a problem communicating with Kafka secured with sasl using console scripts. Kafka is secured with sasl, listener is SASL_PLAINTEXT and mechanism is PLAIN. What I did: I tried listing some data using one of kafka…
Tomasz
23 votes, 3 answers

Bypassing JConsole requirement for username/password - when using a Jaas custom login module with JMX to handle authorization and authentication

I'm using JConsole to access an MBean that is running. The MBean uses a custom Jaas login module and is run with the following command: java -classpath UserLGUGroupHandlingApplication.jar;MBeanSecure.jar…
Loco234
21 votes, 11 answers

Is there a reason why software developers aren't externalizing authorization?

The value proposition of externalizing identity is starting to increase where many sites now accept OpenID, CardSpace or federated identity. However, many developers haven't yet taken the next step to externalize authorization and use approaches…
McGovernTheory
19 votes, 3 answers

When to move from Container managed security to alternatives like Apache Shiro, Spring Security?

I am trying to secure my application which is built using JSF2.0. I am confused about when do people choose to go with security alternatives like Shiro, Spring Security or owasp's esapi leaving behind container managed security. Having seen some of…
Rajat Gupta
19 votes, 1 answer

Glassfish 3.1 default principal to role mapping

I am working with glassfish and jaas module. I configured my web.xml in this way. ALL Page for admin /*
user789148
19 votes, 4 answers

javax.security.auth.login.LoginException: No LoginModules configured for SomeLogin

Well I'm trying to create JAAS authentication for my Servlet (running on Tomcat 7 in Eclipse), but I'm getting this error. Here's the complete stack trace: INFO: Starting Servlet Engine: Apache Tomcat/7.0.32 Geg 19, 2013 9:53:08 PM…
Arturas M
18 votes, 1 answer

Java and Kerberos authentication krb5.conf versus System.setProperty

Please help me on a kerberos+Java problem. I have a simple Java program to authenticate to a Windows Active Directory using Kerberos. The following java code works fine without any problems and prints true- public class KerberosAuthenticator { …
Keshav
17 votes, 2 answers

Security constraint in web.xml for authenticated users without role memberships

I am quite desperate, because I think there must be an easy solution to my problem but I am searching - to no avail. I am using a custom Realm in Glassfish 3.1.1. This custom realm (implements AppservPasswordLoginModuleInterface) takes a security…
msaladin
17 votes, 2 answers

How to validate a Kerberos ticket against a server in Java?

We are using JAAS to enable Single Sign On in a Java application using the Windows Kerberos ticket cache. Our jaas.conf config file looks like this: LoginJaas { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true …
user269667
15 votes, 1 answer

In simplest terms, can anyone explain to me the difference between JAAS, JACC and JASPIC?

I'll be honest. I've been a developer for quite some time now but it's the first time I've heard of JACC and JASPIC. I understand that they are standards used by authorization providers, but how exactly do they differ from JAAS? and when would we…
15 votes, 2 answers

Java EE Security: JASPIC / JAAS or apply a Security Framework? (Glassfish 3)

I am currently using Oracle ADF (which is an end-to-end Java EE framework) for building my web applications and GlassFish 3.1 as application server. The latter supports JAAS (declarative inside its admin console). So, I have created a security realm…
Endrik