Skip to main content
IBM  
Shop Support Downloads
IBM Home Products Consulting Industries News About IBM
IBM developerWorks : Java : Education - Tutorials
Java security, Part 2: Authentication and authorization		ZIPPDF (letter)PDF (A4)e-mail
Main menuSection menuFeedbackPreviousNext
5. JAAS example
  


Variation 1: Login configuration page 5 of 8


First, let's see what happens if we change the login.config file so that both login modules are required in order for authentication to be a success. The new config is:


JAASExample {
      AlwaysLoginModule required;
      PasswordLoginModule required;
};

And here's the resulting output:


AlwaysLoginModule Login
Username? Brad

Login: AlwaysLoginModule SUCCESS

PasswordLoginModule Login
Username? joeuser
Password? wrongpw

Login: PasswordLoginModule Username Matches
Login: PasswordLoginModule Password Mismatch
Login: PasswordLoginModule FAIL
Abort: AlwaysLoginModule SUCCESS
Logout: AlwaysLoginModule SUCCESS
Abort: PasswordLoginModule FAIL

OVERALL AUTHENTICATION FAILED

When joeuser entered the wrong password, the PasswordLoginModule failed just like it did before. Because this module was required, however, the abort phase ran and the overall authentication failed. No sensitive code was executed.


Main menuSection menuFeedbackPreviousNext
Privacy Legal Contact