
Overview of the Login Process in JAAS

The login process is initiated by an access request to an application running on the AS Java. For example, when a user requests access to a Web application from a Web application client, the Web container where the application is running prompts the user to log in upon first request to a protected resource of the application.

Based on the policy configuration information from the application’s deployment descriptors, the AS Java creates a new instance of the LoginContext class for the login.

The LoginContext uses the policy configurations for the AS Java applications to obtain information about the required authorizations and authentication checks that must be met for granting access to the application. The authentication checks, in turn, are implemented by authentication schemes or JAAS login modules, which enable pluggable authentication independent of the application code.

Phases of the Authentication Process

For an overview of the login process phases, see the figure below.

Figure: Login Process Flow in JAAS

The login process consists of the following phases:

1. The accessed application calls the login() method of the LoginContext class to authenticate a Subject, which is an abstract representation of a user of the accessed system.

2. The LoginContext calls the login() method of each of the login modules in the authentication stack for the application's Policy Configuration. The login modules are called in the order they are configured in the authentication stack.

Each login module completes the user authentication in two phases:

   a. First, when its login() method is called, it uses a CallbackHandler class to negotiate the required authentication information with the user.

   b. The second phase is the call to the login module's commit() method, which is executed if the user has authenticated successfully. If authentication fails instead, the abort() method is called.

The login process is successful if the user is authenticated by the login modules in the authentication stack that must succeed (that is, the commit() method for these login modules returns control to the accessed application). You can choose the order in which the login modules are called during the authentication process using the login module flags defined in the JAAS specification.
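The two-phase flow described above, as an added example that is not part of this documentation and not SAP code: a minimal standalone JAAS login module (DemoLoginModule, a constructed name) that gathers credentials through a CallbackHandler in login() and only attaches a Principal to the Subject in commit(), plus a programmatic Configuration that stands in for the AS Java policy configuration with a single REQUIRED entry. The user name, password and the policy name "DemoApp" are constructed demo values; a real module would verify credentials against a user store.

```java
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;

public class JaasTwoPhaseDemo {

    // Hypothetical principal type added to the Subject on successful commit.
    static final class DemoPrincipal implements Principal {
        private final String name;
        DemoPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public String toString() { return "DemoPrincipal[" + name + "]"; }
    }

    // Constructed demo credential; stands in for a lookup in a user store.
    private static final char[] DEMO_PASSWORD = "s3cret".toCharArray();

    public static class DemoLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private boolean loginSucceeded;
        private boolean committed;
        private String user;

        @Override
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        // Phase 1: negotiate the credentials via the CallbackHandler and verify them.
        @Override
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[]{nc, pc});
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("callback failed: " + e.getMessage());
            }
            char[] pw = pc.getPassword();   // returns a copy
            pc.clearPassword();
            loginSucceeded = "alice".equals(nc.getName())
                    && pw != null && Arrays.equals(pw, DEMO_PASSWORD);
            if (pw != null) Arrays.fill(pw, '\0'); // do not keep the secret around
            if (!loginSucceeded) throw new FailedLoginException("bad credentials");
            user = nc.getName();
            return true;
        }

        // Phase 2: only now is the authenticated identity attached to the Subject.
        @Override
        public boolean commit() {
            if (!loginSucceeded) return false;
            subject.getPrincipals().add(new DemoPrincipal(user));
            committed = true;
            return true;
        }

        // Called instead of commit() when the overall login failed: discard state.
        @Override
        public boolean abort() {
            if (!loginSucceeded) return false;
            if (committed) logout(); else { user = null; loginSucceeded = false; }
            return true;
        }

        @Override
        public boolean logout() {
            subject.getPrincipals().removeIf(p -> p instanceof DemoPrincipal);
            loginSucceeded = committed = false;
            user = null;
            return true;
        }
    }

    // Programmatic authentication stack with one REQUIRED module (stand-in for the policy configuration).
    static Configuration stack() {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[]{ new AppConfigurationEntry(
                        DemoLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        Collections.emptyMap()) };
            }
        };
    }

    // CallbackHandler that answers the module's callbacks with constructed values.
    static CallbackHandler handlerFor(String user, String password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password.toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
    }

    public static void main(String[] args) throws Exception {
        LoginContext ok = new LoginContext("DemoApp", new Subject(), handlerFor("alice", "s3cret"), stack());
        ok.login(); // runs login() on every module, then commit() on all of them
        System.out.println("authenticated: " + ok.getSubject().getPrincipals());
        try {
            new LoginContext("DemoApp", new Subject(), handlerFor("alice", "wrong"), stack()).login();
        } catch (LoginException e) {
            System.out.println("login failed, abort() was called: " + e.getMessage());
        }
    }
}
```

Compile and run with a standard JDK (`javac JaasTwoPhaseDemo.java && java JaasTwoPhaseDemo`); no jaas.config file is needed because the Configuration is supplied to the LoginContext constructor. The point to observe is that the Subject stays empty until commit(): a module that only passed phase 1 has not yet granted anything, which is what lets a REQUIRED module further down the stack veto the whole login.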

For more information about the login module flags and authentication stacks, see AS Java Authentication Infrastructure.
