Questions tagged [jaas]

JAAS is the Java Authentication and Authorization Service found in the JRE (1.4+).

The Java Authentication and Authorization Service (JAAS) is a Java security framework for user-centric security that augments the code-based security. Since JRE 1.4, JAAS has been integrated with the JRE; previously JAAS was supplied as an extension library by Sun.

The main goal of JAAS is to separate the concerns of user authentication so that they may be managed independently. While the former authentication mechanism contained information about where the code originated from and who signed that code, JAAS adds a marker about who runs the code.

By extending the verification vectors, JAAS extends the security architecture for Java applications that require authentication and authorization modules.

937 questions
6 votes, 3 answers

JAAS automatic login without showing a login page/form

I have a Java webapp that uses Spring MVC. The webapp is running on a JBoss AS7.1 server that uses the JAAS login module with form-authentication. Logging in works smoothly when the user fills in his username and password on the form. I would now…
user1884155

6 votes, 2 answers

Can't map roles to groups using ibm-application-bnd.xml

I'm trying to map user groups using ibm-application-bnd.xml. I put it into the META-INF folder. On trying to access a secure page I get the following message: [08.05.15 17:42:21:242 MSK] 00000084 WebCollaborat A SECJ0129E: ... GET в null:/loginmodule/date/,…
Gregory

6 votes, 1 answer

How does java LoginContext.login() work?

I have this code to create a configuration of a java client to connect to a JBoss application server: System.setProperty( "java.security.auth.login.config", "auth.conf" ); LoginContext auth = new LoginContext( "myAuth", new…
tangens

6 votes, 2 answers

Wildfly custom login modules error

I implemented a custom loginModule that is accessed via a web service and checks a username and password in front of a JPA accessed DB. I ran it on JBoss 7.1 and it worked fine, but after moving it to Wildfly (and adding what I think is the right…
ido flax

6 votes, 1 answer

Wildfly caches roles after logout in a web application

jboss-web.xml my-aktion
janor

6 votes, 2 answers

How to make each user access resources at a specific location according to their authority/role in JAAS?

I'm using GlassFish server 4.0 in which I have assigned different authorities/roles to different users. A user may have multiple authorities/roles. For example, an admin user may be associated with ROLE_ADMIN (to perform administrative tasks) and…
Tiny

6 votes, 2 answers

Is it possible to invoke methods of secured EJBs through message-driven beans?

When a user logs in, I need to insert a message (the host name, just as an example) into the database. Since it is just a text message, injecting an EJB to a client (Servlets, JSP, JSF or something else) is quite unnecessary. The client, in this…
Tiny

6 votes, 2 answers

Relative path for JAAS keytab configuration

I have a system wherein .NET clients authenticate against a Java server with Kerberos. Everything works, but I'm trying to improve the server configuration. Currently a keytab file is required in the root of C:\ because my jaas.conf looks like…
Kent Boogaart

6 votes, 1 answer

Kerberos Auth with JAAS and multiple realms

All, can anybody provide advice on how to use the JAAS LoginContext to do an authentication against multiple KDC/Realm combinations? In other words, if attempt 1 fails against realm A, try realm B. Something like the pseudo-code below. As always, any…
Shawn Eion Smith

5 votes, 2 answers

How to handle session timeout when using Servlet 3.0 programmatic security

Regarding Servlet 3.0 programmatic security, when a session times out there is no way to invoke HttpServletRequest#logout(). Does the user remain logged into JAAS? If so, what is best practice to handle logging out of JAAS after session times out?…
Patrick Garner

5 votes, 1 answer

Configuring JAAS on Liferay Portal

Could anybody provide pointers to configure JAAS on Liferay Portal using a customized login module?
mohan

5 votes, 1 answer

java.security.auth.login.config file in path with space

When I execute System.setProperty("java.security.auth.login.config", ejbLoginConfig); using ejbLoginConfig = "../conf/weblogicdomain.conf" and my client is in a path containing spaces, I get a ClassNotFoundException for my EJB call: Caused by:…
stracktracer

5 votes, 2 answers

User managed security in Java EE

I want to protect my JSF pages in a Java EE 6 app. I want to store users and roles in the DB and have privileged users administer them via a web tool. The privileged users would add users to roles and set certain pages to require certain roles…
retrodev

5 votes, 0 answers

Can the 'default native GSS-API on Windows' in Java 12 support SSO with JAAS by using the Krb5 principal of the user executing the JVM?

Vanilla Krb5LoginModule is working, prompting for creds In my modest usage of JAAS -> JGSS -> Kerberos -> Windows thus far, I have set up a Krb5LoginModule When I do: Subject.doAs( new LoginContext(...)).login(), // subject new…
David Bullock

5 votes, 1 answer

JAAS LoginModule flags

I'm trying to work out how the Login module flags work in JAAS (using JBoss 5.1 EAP) and I've come across a puzzling situation that I'm hoping someone can clarify for me. For background, my login-config.xml looks like this:
bwobbones