IBM Java Generic Security Service (JGSS)
The Java™ Generic Security Service (JGSS) provides a generic interface for authentication and secure messaging. Under this interface you can plug a variety of security mechanisms based on secret-key, public-key,
or other security technologies.
By abstracting the complexity and peculiarities of the underlying security mechanisms to a standardized interface, JGSS provides the following benefits to the development of secure networking applications:
- You can develop the application to a single abstract interface
- You can use the application with different security mechanisms without any changes
JGSS defines the Java bindings for the Generic Security Service Application Programming Interface (GSS-API), which is a cryptographic API that has been standardized by the Internet Engineering Task Force (IETF) and adopted by the X/Open Group.
The IBM® implementation of JGSS is called IBM JGSS. IBM JGSS is an implementation of the GSS-API framework that uses Kerberos V5 as the default underlying security system.
It also features a Java Authentication and Authorization Service (JAAS) login module for creating and using Kerberos credentials. In addition,
you can have JGSS perform JAAS authorization checks when you use those credentials.
IBM JGSS includes a native System i5™ JGSS provider, a Java JGSS provider, and Java versions of the Kerberos credential managerment tools (kinit, ktab, and klist).
The native System i5 JGSS provider uses the native System i5 Network Authentication Services (NAS) library. When you use the native provider, use the native System i5 Kerberos utilities. For more information, see JGSS providers.
- JGSS concepts
JGSS operations consist of four distinct stages, as standardized by the Generic Security Service Application Programming Interface (GSS-API).
- Configuring your server to use IBM JGSS
How you configure your server to use JGSS depends on which version of the Java 2 Software Development Kit (J2SDK) that you run on your system.
- Running IBM JGSS applications
The IBM Java Generic Security Service (JGSS) API 1.0 shields secure applications from the complexities and peculiarities of the different underlying security mechanisms. JGSS uses features provided by Java Authentication and Authorization Service (JAAS) and IBM Java Cryptography Extension (JCE).
- Developing IBM JGSS applications
Use JGSS to develop secure applications. Learn about generating transport tokens, creating JGSS objects, establishing context, and more.
- JGSS debugging
When you are trying to identify JGSS problems, use the JGSS debugging capability to produce helpful categorized messages.
- Samples: IBM Java Generic Security Service (JGSS)
The IBM Java Generic Security Service (JGSS) sample files include client and server programs, configuration files, policy files, and Javadoc reference information. Use the sample programs to test and verify your JGSS setup.
- IBM JGSS Javadoc reference information
The Javadoc reference information for IBM JGSS includes classes and methods in the org.ietf.jgss api package and the Java versions of some Kerberos credential management tools.
Parent topic:
Java security
Related concepts
Java security model Java Cryptography Extension Java Secure Socket Extension Java Authentication and Authorization Service