Java security, Part 2: Authentication and authorization
5. JAAS example
  


Variation 2: The power of PAM


This variation demonstrates the utility of Pluggable Authentication Modules (PAM). We go back to the original login.config file, which says that AlwaysLoginModule is required and PasswordLoginModule is optional, and add an NTLoginModule (or any other module appropriate for your platform) to the file. The new module will be required. The modified login.config file should look like this:


JAASExample {
      AlwaysLoginModule required;
      PasswordLoginModule optional;
      com.sun.security.auth.module.NTLoginModule required;
};

Next, run the example. In the output below you'll note that a new authentication method has been added, as well as several nifty new Principals (and one public credential).


AlwaysLoginModule Login
Username? Brad

Login: AlwaysLoginModule SUCCESS

PasswordLoginModule Login
Username? joeuser
Password? joepw

Login: PasswordLoginModule Username Matches
Login: PasswordLoginModule Password Matches
Login: PasswordLoginModule SUCCESS
Commit: AlwaysLoginModule SUCCESS
Commit: PasswordLoginModule SUCCESS

OVERALL AUTHENTICATION SUCCEEDED

Subject:
           Principal: Brad
           Principal: joeuser
           Principal: NTUserPrincipal: Brad
           Principal: NTDomainPrincipal: WORKGROUP
           Principal: NTSidUserPrincipal: S-1-5-21-2025429265-1580813891-854245398-1004
           Principal: NTSidPrimaryGroupPrincipal: S-1-5-21-2025429265-1580418891-854245398-513
           Principal: NTSidGroupPrincipal: S-1-5-21-2025429265-1580818891-854245398-513
           Principal: NTSidGroupPrincipal: S-1-1-0
           Principal: NTSidGroupPrincipal: S-1-5-32-544
           Principal: NTSidGroupPrincipal: S-1-5-32-545
           Principal: NTSidGroupPrincipal: S-1-5-5-0-49575

           Principal: NTSidGroupPrincipal: S-1-2-0
           Principal: NTSidGroupPrincipal: S-1-5-4
           Principal: NTSidGroupPrincipal: S-1-5-11
           Public Credential: NTNumericCredential: 1240

joeuser has Payroll access

Subject has Personnel access

Logout: AlwaysLoginModule SUCCESS
Logout: PasswordLoginModule SUCCESS

And the cool thing is, we didn't even touch our application code. All of the above changes come from the native OS authentication mechanism. This should give you an inkling of the power of PAM.

