A LoginModule is an interface for the methods necessary to participate in the JAAS authentication process. Because the success or failure of a specific login procedure may not be known until other login procedures are executed, a two-phase commit process is used to determine success. The following methods are implemented by a LoginModule object:

• initialize( subject, callbackHandler, sharedState, options) initializes the LoginModule. (Note that a discussion of sharedState and options is beyond the scope of this tutorial.)
  
  
• login() sets up any necessary callbacks, calls the CallbackHandler to handle them, and compares the returned information (that is, username and password) with the permitted values. If there's a match, the login module is successful, although it could still be aborted if another login module is unsuccessful, depending on the settings in the login.config file.
  
  
• commit() is called to determine success as part of the two-phase commit process. If all login modules are successful subject to the constraints specified in the login.config file, a new Principal is created along with the username, and added to the Subject's principal set.
  
  
• abort() is called if the overall login is unsuccessful; if an abort occurs the internal LoginModule state must be cleaned up.
  
  
• logout() is called to remove the Principal from the Subject's principal set and do other internal state cleanup.

The following two panels illustrate two login modules. The first, AlwaysLoginModule, is always successful. The second, PasswordLoginModule, is only successful if the user ID and password match certain hard-coded values. While neither of the example modules is a realistic implementation, together they demonstrate the results of a variety of JAAS options.