|
JAAS infrastructure has two services: authentication and authorization. Explain the two services.JAAS authentication component reliably and securely determines who is currently processing Java code. The code could be running an application, an applet, a bean or even a servlet / JSP.
JAAS authorization component provides the means to restrict the Java code processing from performing sensitive tasks. This depends upon code source and depending on the user authenticated.
JAAS infrastructure has two services: authentication and authorization. Explain the two services.JAAS authentication:
1. JAAS authentication is deployed in a pluggable manner, using code modules that implement certain interfaces.
2. This enables Java applications to remain decoupled from the underlying authentication technologies.
3. Additional authentication protocols and updated authentication technologies can be plugged in at runtime without modifying the application or recompiling the source code.
4. The JAAS Authentication API is quite extensive and includes the following key interfaces and classes:
Callback
CallbackHandler
LoginContext
LoginModule
Principal
Subject
JAAS Authorization:
1. JAAS authorization is built on top of JAAS authentication. It augments the existing code-centric access controls with new user-centric access controls. In this way.
2. After a user has been authenticated by JAAS, the authorization API associates the Subject with an appropriate access control context.
3. Whenever the Subject attempts a restricted operation, the Java runtime consults the policy file to determine which Principal(s) may perform the operation.
4. If the Subject in question contains the designated Principal, the Java runtime allows the operation. Otherwise, it throws an exception.
|
