The JAAS login configuration file can be located in one of two ways:

  1. Set System Property
    The system property java.security.auth.login.config is set to the location of the login configuration file
    E.g. the system property can be set on the command line as:
    java -Djava.security.auth.login.config=/var/activemq/config/login.config
  2. Configure the JDK
    If the system property is not set, JAAS checks the $JAVA_HOME/jre/lib/security/java.security security properties file for entries of the form:
    login.config.url.1=file:C:/activemq/config/login.config
    – When more than one entry is found (login.config.url.n), the entries should be consecutively numbered
    – The login files listed in java.security are combined into a single configuration

JAAS CallbackHandler and Callbacks

  • Because the application specifies the CallbackHandler, the LoginModules remain independent of how the application interacts with users
  • Login modules make use of javax.security.auth.callback.CallbackHandler to retrieve authentication information from the user
  • Applications implement the CallbackHandler interface and pass it to the LoginContext, which forwards it directly to the LoginModules
  • The LoginModule makes use of the CallbackHandler:
    – To get input from the users
    E.g. to get a password, PIN, etc.
    – To give information to users
    E.g. status information
  • For example:
    – A CallbackHandler implementation for a GUI application might display a window and ask the user for input
    – A CallbackHandler implementation for a non-GUI application might simply ask the user for input on the command line

JAAS CallbackHandler and Callbacks (Cont’d)

  • A CallbackHandler implementation must implement the following method:
  • To process a NameCallback, the CallbackHandler first prompts the user for the name and then calls the setName method of the NameCallback to store it
  • The login module passes an array of Callbacks to the CallbackHandler handle method, which performs the requested user interaction and sets the values in the Callbacks
  • The package javax.security.auth.callback contains the Callback interface and several implementations
  • Examples of Callbacks include NameCallback (for user name) and PasswordCallback (for password)
  • LoginModule sends an array of Callbacks directly to the CallbackHandler’s handle method

Login to Standalone Application

  • Step 1: The user initiates the application
  • Step 2: Login module is invoked
  • Step 3 & 4: The Login module makes use of the callback handler to collect login information from the user using callbacks
  • Step 5: The user enters the login information
  • Step 6: Login module gets the information and decides whether to allow the user into the application or not
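
Steps 3 to 5 from the application's side, as an added example that is not part of the original material: a command-line CallbackHandler that fills NameCallback and PasswordCallback, shows status text, and rejects callback types it does not understand. The class name ConsoleCallbackHandler and the prompt strings are assumptions.

```java
import java.io.Console;
import java.io.IOException;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

// Hypothetical command-line handler (class name is an assumption, not from the page).
public class ConsoleCallbackHandler implements CallbackHandler {
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        Console console = System.console();
        if (console == null) {
            // No interactive terminal: fail rather than read a password with echo on.
            throw new IOException("no console available for interactive login");
        }
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                NameCallback nc = (NameCallback) cb;
                nc.setName(console.readLine("%s", nc.getPrompt()));
            } else if (cb instanceof PasswordCallback) {
                PasswordCallback pc = (PasswordCallback) cb;
                char[] pw = console.readPassword("%s", pc.getPrompt());
                if (pw == null) throw new IOException("end of input while reading password");
                pc.setPassword(pw);      // PasswordCallback stores its own copy
                Arrays.fill(pw, '\0');   // wipe the local copy
            } else if (cb instanceof TextOutputCallback) {
                // Status information from the LoginModule to the user
                console.printf("%s%n", ((TextOutputCallback) cb).getMessage());
            } else {
                // Reject callback types this handler does not understand
                throw new UnsupportedCallbackException(cb, "unsupported callback");
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed callbacks, as a LoginModule would pass them (steps 3 and 4)
        NameCallback name = new NameCallback("user name: ");
        PasswordCallback password = new PasswordCallback("password: ", false);
        new ConsoleCallbackHandler().handle(new Callback[] { name, password });
        System.out.println("collected credentials for " + name.getName());
        password.clearPassword();        // the LoginModule clears it once checked
    }
}
```

In an application the handler is passed to `new LoginContext(entryName, handler)`, where `entryName` is a placeholder for an entry in the login configuration file located as described at the top of the page.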