JAAS - PowerPoint PPT Presentation

Provided by: chriss71
Learn more at: http://sce.uhcl.edu

1
JAAS
  • Qingyang Liu and Lingbo Wang
  • CSCI 5931.01 Web Security
  • April 2, 2003

2
Topics
  • JAAS

3
JAAS
  • JAAS stands for Java Authentication and
    Authorization Service. It extends the Java 2
    security model, which grants permissions based on
    where code came from, so that permissions can also
    be granted based on who is executing the code.
  • JAAS uses a Pluggable Authentication Module (PAM)
    framework for authentication.
  • Different modules can be plugged in, allowing the
    user to be authenticated against whatever
    mechanism a module implements (the JDK ships
    modules for Unix, NT, Kerberos, JNDI directories
    and keystores).
  • JAAS was an optional package for JDK 1.3 and is a
    standard part of J2SE 1.4 and J2EE.

4
JAAS Classes
  • JAAS defines the following packages:
      o javax.security.auth
      o javax.security.auth.callback
      o javax.security.auth.login
      o javax.security.auth.spi

5
Important ones
  • javax.security.auth.Subject
  • javax.security.auth.spi.LoginModule
  • javax.security.auth.login.LoginContext
  • javax.security.auth.login.Configuration
  • javax.security.auth.callback.Callback
  • javax.security.auth.callback.CallbackHandler

6
Subject
  • The Subject class represents a single entity
    using the system (a person or a service). A
    Subject can possess one or more identities, each
    represented by an instance of
    java.security.Principal. The method
    getPrincipals() returns a Set of those principals.
  • Subjects also hold two sets of credentials, public
    and private, accessed via
    Subject.getPublicCredentials() and
    Subject.getPrivateCredentials(). Credentials are
    just objects (a password, a Kerberos ticket, a
    certificate) and need not inherit from a
    superclass or implement an interface.
  • Subjects represent who is running the currently
    executing code. The active Subject can be fetched
    with the static method
    Subject.getSubject(AccessControlContext), as shown
    on the Programmatic Authorization slide.

7
LoginModule
  • LoginModule is the interface a module must
    implement in order to provide authentication.
  • Multiple login modules can be stacked, and JAAS
    will attempt to log in via each of them. The
    Configuration decides which combination of
    successes and failures counts as a successful
    login (see the control flags below).
  • LoginModule defines five methods: initialize(),
    login(), commit(), abort() and logout(). The
    login/commit/abort split implements a two-phase
    commit, so that no module changes the Subject
    until every module that has to succeed has done
    so.

8
LoginModule (cont.)
  • initialize(Subject subject, CallbackHandler
    handler, Map sharedState, Map options)
    Called once, before any other method, to give the
    module the Subject it will populate, the handler
    it can use to ask for credentials, state shared
    with the other modules in the stack, and its own
    options from the Configuration.
  • login()
    Phase 1: obtains credentials (typically through
    the CallbackHandler) and verifies them. How this
    is done is implementation-dependent. The result is
    recorded privately; the Subject is not touched
    yet.
  • commit()
    Phase 2: if the overall login succeeded, JAAS
    calls commit() on each module, which now adds its
    Principals and credentials to the Subject.
  • abort()
    If the overall login failed, JAAS calls abort()
    on each module instead, so that a module whose
    own login() had succeeded can discard that state.
  • logout()
    Removes the Principals and credentials this
    module added, logging the subject out.

9
LoginContext
  • The login context is used to actually log in. The
    code performing the authentication instantiates a
    LoginContext, which then uses a Configuration to
    determine which login modules to use to
    authenticate a subject. The code attempting to
    authenticate then calls login () on the
    LoginContext.

10
Configuration
  • Configuration is an abstract class that defines
    which LoginModules a LoginContext should use, in
    what order, and how their results combine.
  • Each module in a configuration entry carries a
    control flag. Modules are invoked top to bottom,
    and there are four possibilities:
      o required - must succeed for the entire login
        to succeed. Even if it fails, the remaining
        modules are still invoked, so the caller
        cannot tell which module rejected it.
      o requisite - must succeed. If it fails, the
        login process is short-circuited and no more
        login modules are called.
      o sufficient - if it succeeds and no required or
        requisite module above it has failed, the
        entire login succeeds immediately and the
        modules below it are not consulted. If it
        fails, evaluation simply continues.
      o optional - its outcome does not affect the
        result. If every required and requisite
        module succeeded (or a sufficient module
        short-circuited), the login succeeds
        regardless of whether an optional module
        succeeded. If all modules are optional, at
        least one must succeed.
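As an added illustration (not from the deck or the book), here is a constructed jaas.config that stacks modules under each of the four flags. PasswordLoginModule, AccountStatusLoginModule and AuditLoginModule are hypothetical class names and the option names are invented; Krb5LoginModule and its useTicketCache/doNotPrompt options ship with the JDK. Each line is "<class> <flag> [key=value ...];", values containing digits or slashes must be quoted, and the file accepts // and /* */ comments.

```text
// The deck's application: a single module, so its result is the overall result.
JAASSampleApp {
    PasswordLoginModule required;
};

// A stack read top to bottom:
//  - requisite: a wrong password stops evaluation at once; nothing below runs.
//  - required:  must succeed, but the stack keeps going after a failure, so the
//               caller cannot tell from which modules ran which check rejected it.
//  - optional:  outcome is ignored; it exists only for its commit() side effect.
Console {
    PasswordLoginModule      requisite;
    AccountStatusLoginModule required  maxFailures="5";
    AuditLoginModule         optional  logFile="/var/log/app/auth.log";
};

// Fallback: a Kerberos ticket alone is enough; otherwise a password is required.
//  - sufficient: on success the stack stops here and the login succeeds (no
//                required or requisite module above it has failed); on failure
//                evaluation just continues to the next module.
AdminConsole {
    com.sun.security.auth.module.Krb5LoginModule sufficient useTicketCache=true doNotPrompt=true;
    PasswordLoginModule                          required;
};
```

An application selects an entry by the name it passes to the LoginContext constructor ("Console", "AdminConsole"); the file is pointed to with -Djava.security.auth.login.config=jaas.config, as the deck shows later.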

11
Callback, CallbackHandler
  • The Callback interface contains no methods. It is
    simply there to tag classes a LoginModule uses to
    request information (NameCallback,
    PasswordCallback, ...) from the code attempting a
    login.
  • The CallbackHandler interface defines one method,
    handle(Callback[] callbacks), implemented by the
    application. The LoginModule passes it the
    callbacks it needs answered; the handler iterates
    through them and fills in the requested
    information (for example NameCallback.setName()),
    prompting the user or reading a file as it sees
    fit. This keeps the module independent of how
    credentials are collected.

12
Authentication Example
  • Code in the book, p. 247
  • UsernamePasswordCallbackHandler: the handle() method
  • PrincipalImpl: the getName() method
  • PasswordLoginModule:
      o the initialize() method
      o the login() method
      o the commit() method
      o the abort() method
      o the logout() method

13
Running the Example
  • You should have the following files:
      o jaas.config
      o JAASSampleApp.java
      o PasswordLoginModule.java
      o PrincipalImpl.java
      o UsernamePasswordCallbackHandler.java
  • Compile them with:
    C:\> javac *.java

14
Running the Example
  • We need to specify the location of the config
    file to the VM when we actually execute the
    application, like so:
    C:\> java -Djava.security.auth.login.config=jaas.config JAASSampleApp testuser sasquatch
  • If all is successful, you should see your
    authenticated subject displayed (the output of
    Subject.toString()) like so:
    Subject:
        Principal: testuser
  • Otherwise, you will see the LoginException
    thrown.
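The deck refers to the book's code for the LoginModule, CallbackHandler and sample application (slides 8, 11, 12, 13 and 14). The following is an added, self-contained equivalent written for this page, not the book's or the deck's code: a two-phase PasswordLoginModule, a non-interactive UsernamePasswordCallbackHandler, and a LoginContext driven by an in-code Configuration instead of jaas.config. The class name JAASSampleDemo, the in-memory user table and its one testuser/sasquatch entry are constructed for the example, and X500Principal stands in for the book's PrincipalImpl. It needs JDK 17 or later for the pattern-matching instanceof.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

public class JAASSampleDemo {
    // Constructed user table (hypothetical). A real module would compare a salted
    // hash fetched from a store, never a plaintext password held in memory.
    private static final Map<String, char[]> USERS = Map.of("testuser", "sasquatch".toCharArray());

    // Two-phase login module: login() only verifies; commit() is what alters the Subject.
    public static class PasswordLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private String user;              // set once phase 1 succeeded
        private X500Principal principal;  // set once phase 2 ran

        @Override
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        @Override
        public boolean login() throws LoginException {
            if (handler == null) throw new LoginException("no CallbackHandler available");
            NameCallback nameCb = new NameCallback("username: ");
            PasswordCallback pwCb = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] {nameCb, pwCb});  // ask the application
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("cannot obtain credentials: " + e.getMessage());
            }
            char[] given = pwCb.getPassword();
            pwCb.clearPassword();
            char[] expected = USERS.get(nameCb.getName());
            boolean ok = expected != null && given != null && Arrays.equals(expected, given);
            if (given != null) Arrays.fill(given, '\0');   // do not keep the secret around
            if (!ok) throw new FailedLoginException("bad username or password");
            user = nameCb.getName();
            return true;
        }

        @Override
        public boolean commit() {
            if (user == null) return false;   // our own login() failed: nothing to commit
            principal = new X500Principal("CN=" + user);
            subject.getPrincipals().add(principal);
            return true;
        }

        @Override
        public boolean abort() {
            if (user == null) return false;   // we never succeeded: nothing to undo
            logout();                         // a sibling module failed: roll our state back
            return true;
        }

        @Override
        public boolean logout() {
            if (principal != null) subject.getPrincipals().remove(principal);
            principal = null;
            user = null;
            return true;
        }
    }

    // Non-interactive handler: answers NameCallback/PasswordCallback from values
    // supplied up front (here, the command line) and rejects any other callback.
    public static class UsernamePasswordCallbackHandler implements CallbackHandler {
        private final String name;
        private final char[] password;
        UsernamePasswordCallbackHandler(String name, char[] password) { this.name = name; this.password = password; }
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback nc) nc.setName(name);
                else if (cb instanceof PasswordCallback pc) pc.setPassword(password);
                else throw new UnsupportedCallbackException(cb, "unsupported callback");
            }
        }
    }

    // In-code equivalent of the jaas.config entry: JAASSampleApp { PasswordLoginModule required; };
    static final Configuration CONFIG = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (!"JAASSampleApp".equals(name)) return null;
            return new AppConfigurationEntry[] {new AppConfigurationEntry(
                    PasswordLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, Map.of())};
        }
    };

    static Subject authenticate(String user, char[] password) throws LoginException {
        LoginContext lc = new LoginContext("JAASSampleApp", null,
                new UsernamePasswordCallbackHandler(user, password), CONFIG);
        lc.login();   // login() on every module, then commit() on all or abort() on all
        return lc.getSubject();
    }

    public static void main(String[] args) {
        try {
            System.out.print(authenticate(args[0], args[1].toCharArray()));  // Subject:  Principal: CN=testuser
        } catch (LoginException e) {
            System.out.println("login failed: " + e.getMessage());
        }
    }
}
```

Compile with javac JAASSampleDemo.java and run java JAASSampleDemo testuser sasquatch (a wrong password prints "login failed: bad username or password"). Because the module throws from login() rather than returning false, a failure is reported as FailedLoginException and LoginContext calls abort() on every module in the stack; commit() is the only place the Subject is modified, which is what makes the two-phase protocol safe when several modules are stacked.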

15
Authorization
  • There are two types of authorization when using
    JAAS: declarative and programmatic. Just as in
    the servlet and EJB security models, we can
    define static configurations that allow and
    disallow access to resources, or we can write
    code that uses more sophisticated logic to
    determine how to dole out our resources based on
    who is running the code.

16
Declarative Authorization
  • JAAS adds a new directive to the policy file that
    defines permissions. We talked about the codeBase
    and signedBy directives in Chapter 7; now we're
    going to describe the Principal directive. It
    allows you to specify who must be running some
    code in order for it to have a certain permission.
    Here's a sample entry that you might use in a
    policy file (the Principal class name must be
    fully qualified, and backslashes in policy
    strings are doubled):
    grant Principal PrincipalImpl "testuser" {
        permission java.io.FilePermission
            "c:\\test\\test.txt", "read,write";
    };
  • Such a grant is only enforced when a
    SecurityManager is installed and the code runs
    inside Subject.doAs(), which attaches the
    Subject's Principals to the access-control context
    that the policy consults.
  • Declarative authorization is seldom actually
    used.

17
Programmatic Authorization
  • It can be valuable to determine who is running
    the current code. You can get the current Subject
    by calling the static method getSubject() in the
    Subject class. This method requires an instance of
    java.security.AccessControlContext, which can be
    retrieved with the static method getContext() in
    java.security.AccessController. The code looks
    like:
    AccessControlContext context = AccessController.getContext();
    Subject subject = Subject.getSubject(context);
  • getSubject() returns null if the code is not
    running inside Subject.doAs(). The retrieved
    subject can then be checked for principals to see
    what action should be performed.
  • Note that Subject.getSubject() and
    AccessController are deprecated for removal since
    JDK 17 together with the SecurityManager; JDK 18
    added Subject.current() and Subject.callAs() as
    the replacements.

18
Programmatic Authorization
  • To run code as a specific subject, we need to use
    the static Subject.doAs() method, which takes a
    Subject and a java.security.PrivilegedAction, and
    runs the action as that subject; code inside the
    action then sees it through Subject.getSubject().
  •
    // Now we're logged in, so we can get the
    // current subject.
    Subject subject = loginContext.getSubject();
    // Perform the example action as the
    // authenticated subject.
    Subject.doAs(subject, new ExampleAction());
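The two slides above ask for the current Subject with Subject.getSubject(AccessController.getContext()) and run code with Subject.doAs(). Both are deprecated for removal since JDK 17, so this added example (written for this page, not taken from the book or the deck) uses the JDK 18 replacements Subject.callAs() and Subject.current(), which behave the same way: the subject is bound to the thread only for the duration of the call, and outside it there is no subject. RunAsDemo and WhoAmIAction are hypothetical names, X500Principal stands in for the book's PrincipalImpl, and the Subject is built by hand instead of coming from a LoginContext so the example runs without a login module.

```java
import java.util.concurrent.Callable;
import java.util.stream.Collectors;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class RunAsDemo {

    // Hypothetical replacement for the deck's ExampleAction: reports which
    // principals the thread is running as and refuses the "privileged" work
    // unless the expected user is among them.
    static final class WhoAmIAction implements Callable<String> {
        @Override
        public String call() {
            Subject current = Subject.current();   // JDK 18+ form of Subject.getSubject(ctx)
            if (current == null) {
                return "anonymous: refusing to act";
            }
            String names = current.getPrincipals().stream()
                    .map(p -> p.getName()).sorted().collect(Collectors.joining(","));
            boolean allowed = current.getPrincipals(X500Principal.class).stream()
                    .anyMatch(p -> p.getName().equals("CN=testuser"));
            return names + (allowed ? ": acting" : ": refusing to act");
        }
    }

    // The Subject a successful LoginContext.login() would hand back, built by
    // hand here. X500Principal stands in for the book's PrincipalImpl.
    static Subject subjectFor(String commonName) {
        Subject s = new Subject();
        s.getPrincipals().add(new X500Principal("CN=" + commonName));
        s.setReadOnly();   // nothing the action does can alter who it runs as
        return s;
    }

    // JDK 18+ form of Subject.doAs(subject, action): the subject is bound to
    // this thread only while the action runs.
    static String runAs(Subject subject) {
        return Subject.callAs(subject, new WhoAmIAction());
    }

    public static void main(String[] args) {
        System.out.println(new WhoAmIAction().call());      // anonymous: refusing to act
        System.out.println(runAs(subjectFor("testuser")));   // CN=testuser: acting
        System.out.println(runAs(subjectFor("mallory")));    // CN=mallory: refusing to act
        System.out.println(new WhoAmIAction().call());      // anonymous again: the binding did not leak
    }
}
```

The decision inside the action is keyed on the principal set, not on anything the caller passes in: that is the property that makes programmatic authorization trustworthy, since the Subject comes from the login machinery and is read-only by the time it reaches the action. On JDK 17 the same program can be written with Subject.doAs() and Subject.getSubject(AccessController.getContext()), exactly as the slides show, with deprecation warnings at compile time.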

19
Bibliography
  • [1] J. Garms and D. Somerfield. Professional Java
    Security. Wrox Press Ltd., 2001, pp. 244-258.
  • [2] Scott Oaks. Java Security, 2nd ed. O'Reilly,
    2001.
  • [3] J. Jaworski, et al. Java Security Handbook.
    Sams Publishing, 2000.
  • [4] http://java.sun.com/ (Java Security)
  • [5] http://java.sun.com/products/jaas