Customize application login with Java Authentication and Authorization Service (JAAS)
The JAAS API enables applications to access authentication and access control services without being tied to those services.
JAAS login configurations can be configured using the administrative console. Changes are saved in the cell-level security document and are available to all managed application servers.
Using the JAAS login framework, we can create a JAAS login configuration to perform identity assertion.
WAS supports plugging in a custom JAAS login module before or after the WAS system login module.
WAS does not support the replacement of the WAS system login modules, which are used to create the WSCredential credential and WSPrincipal principal in the Subject.
With a custom login module, we can either make additional authentication decisions or add information to the Subject to make additional, potentially finer-grained, authorization decisions inside a Java EE application.
Subtopics
- Enable identity assertion with trust validation using JAAS
By enabling identity assertion with trust validation, an application can use the JAAS login configuration to perform a programmatic identity assertion.
Related:
Programmatic login for JAAS Use the JAAS programming model for web authentication Developing programmatic logins with the JAAS Configure programmatic logins for JAAS Customize an application login to perform an identity assertion using JAAS Enable identity assertion with trust validation using JAAS Customize a server-side JAAS authentication and login configuration