JAAS example

IBM Home

Products

Consulting

Industries

News

About IBM

IBM developerWorks : Java : Education - Tutorials

Example results and notes page 3 of 8

Here's the result of running JAASExample:


AlwaysLoginModule Login
Username? Brad

Login: AlwaysLoginModule SUCCESS

PasswordLoginModule Login
Username? joeuser
Password? joepw

Login: PasswordLoginModule Username Matches
Login: PasswordLoginModule Password Matches
Login: PasswordLoginModule SUCCESS
Commit: AlwaysLoginModule SUCCESS
Commit: PasswordLoginModule SUCCESS

OVERALL AUTHENTICATION SUCCEEDED

Subject:
           Principal: Brad
           Principal: joeuser

joeuser has Payroll access

Subject has Personnel access

Logout: AlwaysLoginModule SUCCESS
Logout: PassswordLoginModule SUCCESS

Here's a blow-by-blow description of the normal execution in the above result:

The login.config defines two login modules; AlwaysLoginModule is required. It runs first.
AlwaysLoginModule starts with the login phase, which calls the callback handler to get the username (Brad). Login is successful.
The second login module, PasswordLoginModule, is optional. It runs next, calling the callback handler to get both the username (joeuser) and password (joepw), both of which match. This login is also successful.
Because both the required and optional modules succeed, commit is called on both login modules, and the whole authentication is a success. As a result, the Subject now contains both Principals, Brad and joeuser.
The payroll program, which uses programmatic authorization, checks to see if joeuser is in the Subject's Principal set, which it is, and grants it access.
The personnel program, which uses declarative authorization, sees that there is a grant statement in the jaas.policy file, granting Brad permission to the PersonnelPermission, so it also succeeds.
Both login modules logout.

Privacy		Legal		Contact