JAAS allows tremendous flexibility in the kind of authentication procedures required of a Subject, the order in which they're performed, and the combinations of authentication success or failure required before the Subject is deemed authenticated.

JAAS uses the login.config file to specify the terms of authentication for each login module. The login.config file is specified on the Java execution command line with the property -Djava.security.auth.login.config==login.config. Java has a default login configuration file, so the double equals sign (==) replaces the system login configuration file. If a single equals sign were used the login.config file would add to, rather than replace, the system login configuration file. Because we don't know what might be in your system file, we do this to ensure reliable results across a wide range of tutorial users.

The login.config file contains a text string referenced in the LoginContext constructor and a list of the login procedures. Several parameters are used to specify the impact of the success or failure of a given login procedure on the overall authentication procedure. The parameters are as follows:

• required means that the login module must be successful. Other login modules will also be called even if it is not successful.
  
  
• optional means the login module can fail but the overall login may still be successful if another login module succeeds. If all the login modules are optional, at least one must be successful for the authentication to succeed.
  
  
• requisite means the login module must be successful, and if it fails no other login modules will be called.
  
  
• sufficient means that the overall login will be successful if the login module succeeds, assuming that no other required or requisite login modules fail.