Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Eclipse Plug-in Developer Guide
Previous Page Home Next Page

Login based on JAAS

Overview

The Java Authentication and Authorization Service (or JAAS) is a login framework available in the Java runtime since version 1.4. It allows developers to write security-agnostic code that allows for pluggable backends for authentication (consider LDAP vs Smartcard vs Operating system, etc). There are several implementations of login backends that ship with the various JREs.

For more information on JAAS:

Extension-point based contribution

JAAS has specific expectations of where the classes that are used to build a LoginContext should be found - typically the extension classloader. In order to get around these limitations and bridge into the Eclipse environment, there are several extension points available for bundles to contribute JAAS artifacts into the system. Specifically, the following artifacts have corresponding extension points in the org.eclipse.equinox.security bundle:

  • javax.security.auth.Configuration
  • javax.security.auth.spi.LoginModule
  • javax.security.auth.callback.CallbackHandler

In order to evolve the API but still embrace the model, there is an org.eclipse.equinox.security.auth.ILoginContext interface which maps to the LoginContext class in JAAS. Additional features are available on this interface, but most functionality still speaks in terms of core JAAS artifacts (Subjects, Principals, etc).

Declarative wiring via LoginContextFactory

Another limitation of the JAAS framework is that there is a strong coupling between the backend login Configuration and the CallbackHandler (UI) which will service the login execution. There is an extension to create the mapping from a configuration name to a specific CallbackHandler, and a factory (org.eclipse.equinox.security.auth.LoginContextFactory) which can generate an ILoginContext without knowledge required of specific CallbackHandlers.

Notifications through ILoginContextListener

Another use case which is implemented is the ability to monitor the execution of an applications login lifecycle via an event listener model. This functionality is available through the org.eclipse.equinox.security.auth.ILoginContextListener interface.

Future work

Feedback surrounding this functionality is greatly appreciated. Potential future direction involves integrating login into the RCP lifecycle, Jobs framework, etc and using the user context to affect the behaviour of the runtime system (filter, etc).


 
 
  Published under the terms of the Eclipse Public License Version 1.0 ("EPL") Design by Interspire