Overview of Using the JAAS API with WAM
Use the Java Authentication and Authorization Service (JAAS) API to create new authentication and authorization login modules to plug into WAM.
If a standard WAM login module doesn’t provide for the needs of your enterprise, you can use the JAAS API to implement a new login module to access virtually any type of user repository.
Who Should Read This Section
Most application programmers who use WAM to implement application security will not need to learn about the JAAS API, as authentication and authorization services are provided transparently by WAM. System administrators should read the WAM Administrator’s Guide to understand how to configure WAM login modules. However, if a standard WAM login module is not available or an existing one does not quite suit your needs, this section is intended to guide experienced programmers through the process of creating new WAM JAAS login modules.
This section provides terminology, architectural diagrams, and programmatic examples specific to writing login modules for use with WAM. Though this documentation is thorough within that scope, it is not intended to replace the abundance of documentation available on JAAS, Java Security, and Pluggable Authentication Modules (PAM). For more information about JAAS and related security topics, see Related Resources.
WAM uses an implementation of JAAS, which was introduced as an optional package to the Java 2 SDK, Standard Edition (J2SDK) 1.3. This was also known as JAAS 1.0. With the release of J2SDK 1.4, JAAS was integrated into the Java Standard Edition.
JAAS implements a Java version of the PAM framework, which permits applications to remain independent from underlying authentication technologies. The PAM framework allows the use of new or updated authentication technologies without requiring modifications to your application.
JAAS can be used for two purposes:
Authentication of users to ensure that they are who they say they are.
Authorization of users to ensure that they have the access permission roles required to perform a request.
Login modules are plugged into the WAM policy server to provide a particular type of authentication. Currently, the standard login modules included with WAM are:
JdbcLoginModule: For use with repositories stored in relational databases (SQL).
LdapLoginModule: For use with almost any LDAPv3-compliant directory server.
XmlLoginModule: For use with the WAM XML user repository.
If any of these standard login modules meet your requirements, then you can stop reading this section when your curiosity wanes. Otherwise, press on.
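For orientation, here is the shape of a custom module written against the standard javax.security.auth.spi.LoginModule interface. This is an added example, not WAM's own code: the class name and the "user" and "password" module options are assumptions that stand in for a lookup against a real user repository, and WAM-specific registration is not shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module: the "user"/"password" options replace a real repository lookup.
public class ExampleLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private Principal pending;   // identity verified by login(), published by commit()

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts;
    }
    // Phase 1: verify the credentials only; the Subject is not modified yet.
    public boolean login() throws LoginException {
        Object u = options.get("user"), p = options.get("password");
        if (!(u instanceof String) || !(p instanceof String))
            throw new LoginException("module not configured");   // fail closed
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { name, pass }); }
        catch (Exception e) { throw new LoginException("cannot collect credentials"); }
        char[] pw = pass.getPassword();   // getPassword() returns a copy
        pass.clearPassword();
        byte[] got = new String(pw == null ? new char[0] : pw).getBytes(StandardCharsets.UTF_8);
        byte[] want = ((String) p).getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual compares without stopping at the first mismatch.
        boolean ok = MessageDigest.isEqual(got, want) & u.equals(name.getName());
        if (!ok) throw new FailedLoginException("authentication failed");
        final String user = name.getName();
        pending = new Principal() { public String getName() { return user; } };
        return true;
    }
    // Phase 2: runs only when the overall login (all stacked modules) succeeded.
    public boolean commit() {
        if (pending == null) return false;
        subject.getPrincipals().add(pending);
        return true;
    }
    // Overall login failed: discard whatever login() or commit() produced.
    public boolean abort() { boolean had = pending != null; logout(); return had; }
    public boolean logout() {
        if (pending != null) subject.getPrincipals().remove(pending);
        pending = null;
        return true;
    }
}
```

The split between login() and commit() is what lets several modules be stacked: no principal reaches the Subject until every required module has accepted the credentials.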