In my previous post, I explained how to set the Jaas Configuration file in using 'System.setProperty' method.
Ex:
System.setProperty("java.security.auth.login.config", "jaasAuth.config");
We can also set the JAAS configuration file in java security file.
Where is my java security file located?
‘java.security’ file is located in below location.
${JAVA_HOME}\jre\lib\security
In my case it is located in ‘C:\Program Files (x86)\Java\jdk1.8.0_102\jre\lib\security’.
Open ‘java.security’ file in notepad and add below statement to it.
login.config.url.1=file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth.config
‘file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth.config’ is the location of jaas configuration file.
Note
Use ‘/’ not ‘\’ while adding the path.
Find the below working application.
jaasAuth.config
JaasTutorial{
com.smaple.login.BasicLoginModule required;
};
BasicAuthCallbackHandler.java
package com.sample.handler;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
public class BasicAuthCallbackHandler implements CallbackHandler{
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
NameCallback nameCallBack = (NameCallback)callbacks[0];
PasswordCallback passwordCallback = (PasswordCallback)callbacks[1];
BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
System.out.println(nameCallBack.getPrompt());
nameCallBack.setName(br.readLine());
System.out.println(passwordCallback.getPrompt());
passwordCallback.setPassword(br.readLine().toCharArray());
}
}
BasicLoginModule.java
package com.smaple.login;
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
public class BasicLoginModule implements LoginModule {
private String username = "krishna";
private String password = "krishna";
CallbackHandler callbackHandler;
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler, MapString, ?> sharedState,
MapString, ?> options) {
this.callbackHandler = callbackHandler;
}
@Override
public boolean login() throws LoginException {
Callback[] callbackArray = new Callback[2];
callbackArray[0] = new NameCallback("Enter logon id:");
callbackArray[1] = new PasswordCallback("Enter password:", false);
try {
callbackHandler.handle(callbackArray);
} catch (IOException | UnsupportedCallbackException e) {
e.printStackTrace();
throw new LoginException(e.getMessage());
}
String logonId = ((NameCallback) callbackArray[0]).getName();
char[] passwordArr = ((PasswordCallback) callbackArray[1]).getPassword();
String password = new String(passwordArr);
if (username.equals(logonId) && this.password.equals(password)) {
System.out.println("Login successful");
return true;
}
throw new LoginException("Logon failed");
}
@Override
public boolean commit() throws LoginException {
return true;
}
@Override
public boolean abort() throws LoginException {
return false;
}
@Override
public boolean logout() throws LoginException {
return true;
}
}
Test.java
package com.sample.app;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.sample.handler.BasicAuthCallbackHandler;
public class Test {
public static void main(String args[]) {
LoginContext loginContext = null;
try {
loginContext = new LoginContext("JaasTutorial", new BasicAuthCallbackHandler());
} catch (LoginException e) {
// TODO Auto-generated catch block
e.printStackTrace();
return;
}
try {
loginContext.login();
} catch (LoginException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
Run Test.java by providing username and password as ‘krishna’, you can able to see below output.
Enter logon id:
krishna
Enter password:
krishna
Login successful
Run Test.java by providing the username and password other than 'krishna', you can able to see below output.
Enter logon id:
krishna
Enter password:
aa
javax.security.auth.login.LoginException: Logon failed
at com.smaple.login.BasicLoginModule.login(BasicLoginModule.java:50)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at com.sample.app.Test.main(Test.java:22)
This is continuation to my previous posts, I recommend you to go through below post, before reading this.
Can I add multiple authentication config files in java.security file?
Yes, you can add, finally, these are all combined to one file by the java run time.
Ex:
login.config.url.1=file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth1.config
login.config.url.2=file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth2.config
login.config.url.3=file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth3.config
login.config.url.4=file:C:/Users/krishna/workspace1/jaas_tutorial/jaasAuth4.config
Previous Next Home
Related Articles
This post first appeared on Java Tutorial : Blog To Learn Java Programming, please read the originial post: here