Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>
Idioma: En

Specifying jaas configuration file location in java security file

In my previous post, I explained how to set the Jaas Configuration file in using 'System.setProperty' method.

Ex:
System.setProperty("java.security.auth.login.config", "jaasAuth.config");

We can also set the JAAS configuration file in java security file.

Where is my java security file located?
‘java.security’ file is located in below location.
${JAVA_HOME}\jre\lib\security

In my case it is located in ‘C:\Program Files (x86)\Java\jdk1.8.0_102\jre\lib\security’.

Open ‘java.security’ file in notepad and add below statement to it.

login.config.url.1=file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth.config

‘file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth.config’ is the location of jaas configuration file.

Note
Use ‘/’ not ‘\’ while adding the path.

Find the below working application.

jaasAuth.config
JaasTutorial{
 com.smaple.login.BasicLoginModule required;
};

BasicAuthCallbackHandler.java
package com.sample.handler;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class BasicAuthCallbackHandler implements CallbackHandler{


@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  NameCallback nameCallBack = (NameCallback)callbacks[0];
  PasswordCallback passwordCallback = (PasswordCallback)callbacks[1];

  BufferedReader br = new BufferedReader(new InputStreamReader(System.in));

  System.out.println(nameCallBack.getPrompt());
  nameCallBack.setName(br.readLine());

  System.out.println(passwordCallback.getPrompt());
  passwordCallback.setPassword(br.readLine().toCharArray());

}

}

BasicLoginModule.java
package com.smaple.login;

import java.io.IOException;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class BasicLoginModule implements LoginModule {

private String username = "krishna";
private String password = "krishna";
 CallbackHandler callbackHandler;

@Override
public void initialize(Subject subject, CallbackHandler callbackHandler, MapString, ?> sharedState,
   MapString, ?> options) {
this.callbackHandler = callbackHandler;
}

@Override
public boolean login() throws LoginException {
  Callback[] callbackArray = new Callback[2];

  callbackArray[0] = new NameCallback("Enter logon id:");
  callbackArray[1] = new PasswordCallback("Enter password:", false);

try {
   callbackHandler.handle(callbackArray);
} catch (IOException | UnsupportedCallbackException e) {
   e.printStackTrace();
throw new LoginException(e.getMessage());
}

  String logonId = ((NameCallback) callbackArray[0]).getName();
char[] passwordArr = ((PasswordCallback) callbackArray[1]).getPassword();
  String password = new String(passwordArr);

if (username.equals(logonId) && this.password.equals(password)) {
   System.out.println("Login successful");
return true;
}

throw new LoginException("Logon failed");
}

@Override
public boolean commit() throws LoginException {
return true;
}

@Override
public boolean abort() throws LoginException {
return false;
}

@Override
public boolean logout() throws LoginException {
return true;
}

}


Test.java
package com.sample.app;

import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import com.sample.handler.BasicAuthCallbackHandler;

public class Test {

public static void main(String args[]) {
  LoginContext loginContext = null;

try {
   loginContext = new LoginContext("JaasTutorial", new BasicAuthCallbackHandler());
} catch (LoginException e) {
// TODO Auto-generated catch block
   e.printStackTrace();
return;
}

try {
   loginContext.login();
} catch (LoginException e) {
// TODO Auto-generated catch block
   e.printStackTrace();
}
}
}

Run Test.java by providing username and password as ‘krishna’, you can able to see below output.
Enter logon id:
krishna
Enter password:
krishna
Login successful


Run Test.java by providing the username and password other than 'krishna', you can able to see below output.
Enter logon id:
krishna
Enter password:
aa
javax.security.auth.login.LoginException: Logon failed
 at com.smaple.login.BasicLoginModule.login(BasicLoginModule.java:50)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
 at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
 at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
 at com.sample.app.Test.main(Test.java:22)

This is continuation to my previous posts, I recommend you to go through below post, before reading this.

Can I add multiple authentication config files in java.security file?
Yes, you can add, finally, these are all combined to one file by the java run time.

Ex:
login.config.url.1=file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth1.config
login.config.url.2=file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth2.config
login.config.url.3=file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth3.config
login.config.url.4=file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth4.config





Previous                                                 Next                                                 Home

Related Articles



This post first appeared on Java Tutorial : Blog To Learn Java Programming, please read the originial post: here

Share the post

Specifying jaas configuration file location in java security file

×

Subscribe to Java Tutorial : Blog To Learn Java Programming

Get updates delivered right to your inbox!

Thank you for your subscription

×