Skip to main content
IBM  
Shop Support Downloads
IBM Home Products Consulting Industries News About IBM
IBM developerWorks : Java : Education - Tutorials
Java security, Part 2: Authentication and authorization		ZIPPDF (letter)PDF (A4)e-mail
Main menuSection menuFeedbackPreviousNext
3. Authentication in JAAS
  


Example login.config file page 7 of 13


The login.config file we'll use in this tutorial is as follows:


JAASExample {
      AlwaysLoginModule required;
      PasswordLoginModule optional;
};

As you see, the AlwaysLoginModule must succeed and the PasswordLoginModule can either succeed or fail. This isn't a realistic scenario, but we'll modify these parameters later to see how different configurations change the code behavior.

The important thing to realize about this login configuration technique is that it leaves all major decision making (such as the types of authentication required and the specific criteria for success or failure of authentication) to be established at deployment time. A successful login will result in the addition of a new Subject to the LoginContext, with the addition of any number of successfully authenticated Principals to that Subject.


Main menuSection menuFeedbackPreviousNext
Privacy Legal Contact