JAAS的目的:
for authentication of users, to reliably and securely determine who is currently executing Java code, regardless of whether the code is running as an application, an applet, a bean, or a servlet; andfor authorization of users to ensure they have the access control rights (permissions) required to do the actions performed.
认证的简单例子:
- package com.lht.jaas;
- import javax.security.auth.login.*;
- import com.sun.security.auth.callback.TextCallbackHandler;
- /**
- * This JaasAcn application attempts to authenticate a user
- * and reports whether or not the authentication was successful.
- */
- public class JaasAcn {
- public static void main(String[] args) {
- // Obtain a LoginContext, needed for authentication. Tell
- // it to use the LoginModule implementation specified by
- // the entry named "JaasSample" in the JAAS login
- // configuration file and to also use the specified
- // CallbackHandler.
- LoginContext lc = null;
- try {
- lc = new LoginContext("JaasSample",
- new TextCallbackHandler());
- } catch (LoginException le) {
- System.err.println("Cannot create LoginContext. "
- + le.getMessage());
- System.exit(-1);
- } catch (SecurityException se) {
- System.err.println("Cannot create LoginContext. "
- + se.getMessage());
- System.exit(-1);
- }
- try {
- // attempt authentication
- lc.login();
- } catch (LoginException le) {
- System.err.println("Authentication failed: ");
- System.err.println(" " + le.getMessage());
- System.exit(-1);
- }
- System.out.println("Authentication succeeded!");
- }
- }
配置文件:
- JaasSample {
- com.sun.security.auth.module.Krb5LoginModule required;
- };
- grant codebase "file:./JaasAcn.jar" {
- permission javax.security.auth.AuthPermission
- "createLoginContext.JaasSample";
- };