{"id":2667,"date":"2015-11-25T00:31:00","date_gmt":"2015-11-25T00:31:00","guid":{"rendered":"https:\/\/www.htmlgoodies.com\/uncategorized\/implementing-java-based-user-authentication-with-jaas\/"},"modified":"2015-11-25T00:31:00","modified_gmt":"2015-11-25T00:31:00","slug":"implementing-java-based-user-authentication-with-jaas","status":"publish","type":"post","link":"https:\/\/www.htmlgoodies.com\/java\/implementing-java-based-user-authentication-with-jaas\/","title":{"rendered":"Implementing Java-based User Authentication with JAAS"},"content":{"rendered":"
Once you’ve built a commercial website or two, it becomes apparent that most business owners share similar requirements in terms of basic functionality. Common use cases include product or service management, user\/membership management, and user authentication. If you’re developing in Java, the latter can be handled by JAAS. Whether you want to handle user authentication on a user-by-user basis or using role-based access, JAAS is a good choice. In today’s article, we’ll be looking at some popular security framework offerings from a bird’s eye view, learning the basics of JAAS, and finally, going through a simple login process using actual classes that you’ll be able to run and play with.<\/span><\/p>\n Security is something that you should never try to implement yourself. Back before security was such an ongoing concern, I knew developers who rolled their own encryption algorithms. There is no need to write your own security boilerplate; within Java, there are several excellent security frameworks designed to make the process of securing an application faster, easier, and often more successful than you could manage yourself.<\/p>\n There are three major players in the realm of Java Application Security: JAAS (Java Authentication and Authorization Services), Spring Security, and Apache Shiro. JAAS has one distinction over the other two in that it is the only framework that has been integrated directly into the Java Development Kit as of the JDK version 1.4. Having said that, the JAAS framework is somewhat less powerful, as it mainly focuses on authentication and authorization of users within an application. Other features, like user management, are lacking. From an architectural point of view, JAAS keeps the authentication concerns nicely separate from application logic. Hence, JAAS security can be added to an existing application with a minimum of code changes. It is for this reason that it is considered to be “pluggable”.
JAAS supports multiple types of authentication, including username & password, voice, fingerprint, biometrics, and others.<\/p>\nJava Security Frameworks at a Glance<\/h2>\n