Questions tagged [jaas]

JAAS is the Java Authentication and Authorization Service found in the JRE (1.4+).

The Java Authentication and Authorization Service (JAAS) is a Java security framework for user-centric security to augment the code-based security. Since JRE 1.4, JAAS has been integrated with the - previously JAAS was supplied as an extension library by Sun.

The main goal of JAAS is to separate the concerns of user authentication so that they may be managed independently. While the former authentication mechanism contained information about where the code originated from and who signed that code, JAAS adds a marker about who runs the code.

By extending the verification vectors, JAAS extends the security architecture for Java applications that require authentication and authorization modules.

937 questions
14 votes, 1 answer

Understanding authentication in a Java Application Server

I'm currently working on a project running on JBoss AS 7 that requires authentication from a variety of sources. I'm trying to get an understanding of the various components that combine to provide authentication. I have some assumptions / guesses…
Phyxx • 15,730 • 13 • 73 • 112
14 votes, 5 answers

Java Web Application: Using a custom realm

I'm writing a Java web application which needs to perform login through a webservice. Of course, none of the realms supplied with the application server I'm using (glassfish v2) can do the trick. I therefore had to write my own. It seems however,…
LordOfThePigs • 11,050 • 7 • 45 • 69
14 votes, 4 answers

How to obtain logged in user name in JSF when using container managed authentication

I have configured a form-based login in my JSF 2.0 Application on GlassFish 3 server, using a custom Realm. What is the simplest way of getting information about a logged in user, i.e. the user's name. Is this possible? Or is the current session…
Tobbe Brolin • 455 • 1 • 3 • 13
14 votes, 1 answer

What goes on when using kinit with a keytab file

Wish to get more understanding on the use of kinit and keytab file. For example, if I already have a keytab file generated for a service ( the service registered to active directory by ktpass -mapuser to someuseraccount ) ktab -k "mykeytab" -a…
dorothy • 1,213 • 5 • 20 • 35
14 votes, 4 answers

JSF authentication and authorization

What is the best way to go about implementing authentication and authorization for a JSF web application? Preferably I'd still want to use container-based security, as I need to call EJBs that require the principal. I realize form-based…
Zecrates • 2,952 • 6 • 33 • 50
13 votes, 2 answers

Why should I use JAAS against hand-written security?

I got hand-written security, simple servlet-filter which redirects not-authorized users to their login pages. Login controller redirects them to the requested URL after successful authentication or their main page. This approach works fine, the only…
user12384512 • 3,362 • 10 • 61 • 97
13 votes, 2 answers

JAX-WS vs SAAJ Style, Which to Use

What is the difference, philosophical or otherwise, between calling a web service from Java code using Service and Dispatch classes, vs a SOAPConnection class? For example, something like this: SOAPConnectionFactory scf =…
user186668 • 251 • 3 • 16
12 votes, 7 answers

Java Security Framework

Security always tends to take the last place in a new project. Or you use a framework like Spring where security is already built-in and can be switched on easily. I try to find an open security framework that can be plugged-in to both Swing and Web…
javadude • 1,763 • 1 • 19 • 38
12 votes, 3 answers

Where to place security configuration file in WAR?

I'm trying to use JAAS for authentication in my WAR. I understand that my configuration file (another link) should be placed somewhere (as explained here). Unfortunately, I can't understand where exactly, if we're talking about WAR? And how to name…
yegor256 • 102,010 • 123 • 446 • 597
11 votes, 1 answer

How to define Tomcat security Realms per webapp

When using JAAS JDBCRealms with Tomcat, I usually define the realm in server.xml. But now I am looking for a simpler solution, where I don't have to configure the Tomcat container when deploying the application. If possible, I would like to keep…
alfonx • 6,936 • 2 • 49 • 58
11 votes, 2 answers

Login to webapp2 from webapp1 using JAAS

I have two Java webapps that run on the same jboss server but in a different domain: http://host:port1/context1/ http://host:port2/context2/ All content from both websites is secured by using a JAAS loginmodule. I would now like to create a button…
user1884155 • 3,616 • 4 • 55 • 108
11 votes, 1 answer

JAAS configuration and LDAP login module in JavaEE 6

I'm writing a question here because I haven't been able to find the solution myself for months. My situation: I have a client-server application written in Java which uses Java2ee 6 and EJB3.0. The server side is deployed on the glassfish 3.0. I…
Oleg • 467 • 1 • 8 • 17
10 votes, 1 answer

How to add JVM parameters to Apache Kafka?

When configuring authentication for Kafka, the document mentioned that JVM parameters need to be added when starting the Kafka server, like: -Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf Since we are using bin/kafka-server-start.sh…
Jakim • 1,713 • 7 • 20 • 44
10 votes, 3 answers

JAAS, Spring Security or Apache Shiro

Just a quick question regarding security frameworks in Java. To date JAAS has always been my go-to framework. Yes people complain that it is very difficult to set up and it requires hooks into your underlying system but it does its job and has the…
user1094865
10 votes, 5 answers

Use of private and public credentials in JAAS

In an interview, the interviewer asked me why you need private credentials in JAAS? We can access both public credentials and private credentials like: Set privateCredentials = subject.getPrivateCredentials(); Set publicCredentials =…
Shreyos Adikari • 12,348 • 19 • 73 • 82