Java security, Part 2: Authentication and authorization
5. JAAS example
  


Variation 3: Policy file configuration


In this final variation, we'll see what happens when we modify the access control policy. We start by modifying the grant file in the original login.config so that joeuser, not Brad, has PersonnelPermission, as shown below:


grant Principal PrincipalImpl "joeuser" {
     permission PersonnelPermission "access";
};

Next, we run the application, entering the wrong password for joeuser. The results are shown below:


AlwaysLoginModule Login
Username? Brad

Login: AlwaysLoginModule SUCCESS

PasswordLoginModule Login
Username? joeuser
Password? wrongpw


Login: PasswordLoginModule Username Matches
Login: PasswordLoginModule Password Mismatch
Login: PasswordLoginModule FAIL
Commit: AlwaysLoginModule SUCCESS
Commit: PasswordLoginModule FAIL

OVERALL AUTHENTICATION SUCCEEDED

Subject:
           Principal: Brad

Payroll Access DENIED
Personnel Access DENIED
Logout: AlwaysLoginModule SUCCESS
Logout: PasswordLoginModule SUCCESS

As you can see, only Brad is in the Subject's Principal set. Both the attempted payroll access and the attempted personnel access have failed. Why? The first failed because there is no Principal named joeuser in the Subject, and the second failed because there is no grant permission statement for Brad.
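
The following added example (not code from the tutorial) models how a Principal-based grant is matched against the Subject's Principal set, which is why a Subject holding only Brad is denied. The PrincipalImpl and PersonnelPermission classes here are stand-ins written for this sketch, and the GRANTS map and allowed() helper are hypothetical simplifications of the policy lookup.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class PrincipalGrantDemo {
    // Stand-in for the tutorial's PrincipalImpl (its source is not on this page).
    static final class PrincipalImpl implements Principal {
        private final String name;
        PrincipalImpl(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof PrincipalImpl && ((PrincipalImpl) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // Stand-in for the tutorial's PersonnelPermission.
    static final class PersonnelPermission extends BasicPermission {
        PersonnelPermission(String name) { super(name); }
    }

    // Hypothetical model of the policy: principal name -> permissions granted to it.
    static final Map<String, List<Permission>> GRANTS = new HashMap<>();

    // Allowed only if some Principal in the Subject has a grant that implies the request.
    static boolean allowed(Subject subject, Permission wanted) {
        for (Principal p : subject.getPrincipals())
            for (Permission g : GRANTS.getOrDefault(p.getName(), Collections.emptyList()))
                if (g.implies(wanted)) return true;
        return false;
    }

    public static void main(String[] args) {
        // Mirrors: grant Principal PrincipalImpl "joeuser" { permission PersonnelPermission "access"; };
        GRANTS.put("joeuser", Arrays.asList(new PersonnelPermission("access")));

        Subject bradOnly = new Subject();      // the run above: PasswordLoginModule failed
        bradOnly.getPrincipals().add(new PrincipalImpl("Brad"));

        Subject withJoeuser = new Subject();   // assumed: a correct password adds joeuser
        withJoeuser.getPrincipals().add(new PrincipalImpl("Brad"));
        withJoeuser.getPrincipals().add(new PrincipalImpl("joeuser"));

        Permission personnel = new PersonnelPermission("access");
        System.out.println("Brad only:      " + allowed(bradOnly, personnel));
        System.out.println("Brad + joeuser: " + allowed(withJoeuser, personnel));
    }
}
```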

