Java security, Part 2: Authentication and authorization
3. Authentication in JAAS
  


Subjects and Principals


A Subject is a Java object that represents a single entity, such as an individual. A single Subject can have a number of associated identities, each of which is represented by a Principal object. So, say a single Subject represents an employee who requires access to both the e-mail system and the accounting system. That Subject will have two Principals, one associated with the employee's user ID for e-mail access and the other associated with his user ID for the accounting system.

Principals are not persistent, so they must be added to the Subject each time the user logs in. A Principal is added to a Subject as a part of a successful authentication procedure. Likewise, a Principal is removed from the Subject if the authentication fails. Regardless of the success or failure of authentication, all Principals are removed when the application performs a logout.

In addition to containing a set of Principals, the Subject can contain two sets of credentials: one public and one private. A credential is a password, key, token, and so on. Access to the public and private credential sets is controlled by Java permissions, which we'll discuss later in the tutorial. A complete discussion of credentials is beyond the scope of this tutorial.
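
The Principal lifecycle described above, as an added example that is not part of the original tutorial: a minimal LoginModule that attaches two Principals and a private credential to the Subject on commit and removes them on abort or logout. The names `DemoLoginModule`, `SystemPrincipal`, `jdoe`, `acct-4711` and the `simulateSuccess` option are hypothetical, the credential check is a stand-in, and the record syntax assumes Java 16 or later.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical names and constructed values throughout; not code from the tutorial.
public class DemoLoginModule implements LoginModule {
    // One identity of the Subject, scoped to one system (e-mail or accounting).
    record SystemPrincipal(String system, String userId) implements Principal {
        public String getName() { return system + ":" + userId; }
    }
    private Subject subject;
    private boolean verified;
    private final Principal mail = new SystemPrincipal("email", "jdoe");
    private final Principal acct = new SystemPrincipal("accounting", "acct-4711");
    private final char[] token = "constructed-session-token".toCharArray();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        verified = "true".equals(opts.get("simulateSuccess")); // stand-in for a real credential check
    }
    public boolean login() throws LoginException {
        if (!verified) throw new FailedLoginException("credential check failed");
        return true;
    }
    public boolean commit() { // overall authentication succeeded: attach the identities
        if (!verified) return false;
        subject.getPrincipals().add(mail);
        subject.getPrincipals().add(acct);
        subject.getPrivateCredentials().add(token); // private set; access is permission-guarded
        return true;
    }
    public boolean abort() { return logout(); } // overall authentication failed: undo everything
    public boolean logout() {
        subject.getPrincipals().removeIf(p -> p instanceof SystemPrincipal);
        subject.getPrivateCredentials().remove(token);
        verified = false;
        return true;
    }
    public static void main(String[] args) throws Exception {
        Subject s = new Subject();
        DemoLoginModule m = new DemoLoginModule();
        m.initialize(s, null, Map.of(), Map.of("simulateSuccess", "true"));
        if (m.login() && m.commit()) System.out.println("after login:  " + s.getPrincipals());
        m.logout();
        System.out.println("after logout: " + s.getPrincipals());
    }
}
```

In a real application the module would be driven by a `LoginContext` and a JAAS configuration entry rather than called directly from `main`.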

