SourceForge.net Logo

JLL - JAAS Login Library
 
Home | Documentation | Support | Download | Get Involved | Related Sites

JCas User Guide

        Introduction
        Setup
        First CAS server
        Access Control
        JDBC Database Authorization
        JAAS User Authorization
        SSL Setup
        JSP Taglib
        JCas Client
        JLL - JAAS Login Library

Reference

        Release Notes
        JCas Configuration
        FAQ
        Help Forum

JCas Developers

        API Javadocs
        CAS Specification

What is it?

This library has been created by Ralph Schuster to support a few quick logins in conjunction with JAAS. Mainly it provides two authentication and authorization mechanisms:
  • Delegation to Microsoft Windows Active Directory
  • Test authentication and authorization

Where can I get it?

The library can be downloaded for free here. Be aware that it is not maintained or supported in any way. But some components are used by the author in a productive environment.

Delegation to Microsoft Windows Active Directory

The JAAS configuration file looks like: 
DomainLogin {
        jll.JllCommonLoginModule REQUIRED debug=true adserver=dc1.mydomain.com class=jll.ADAuth;
};
This tells the common JAAS module provided by JLL to load a class named jll.ADAuth and to call a method authenticate on a fresh instance of it.

Parameter adserver tells the class to authenticate against Active Directory Server at dc1.mydomain.com.

Please note that the module assumes user names to be like admin@mydomain.com. The user and domain name will then be transformed into a LDAP conform query.

Test authentication and authorization

Test authentication can be configured with JAAS like: 
TestLogin {
        jll.JllCommonLoginModule REQUIRED debug=true class=jll.TestAuth;
};
This tells the common JAAS module provided by JLL to load a class named jll.TestAuth and to call its method authenticate on a fresh instance of it.

The test module makes a very simple authentication. If the password provided is true then the module will successfully authenticate and authorize, otherwise it will not.

So this module is a very quick way to test a JCas server and its functionality.

What was not mentioned

You propably need to provide a security.policy file to your JRE. It should look like 
grant codeBase "file:/home/peter/java/lib/*" {
        permission java.security.AllPermission;
};
to grant the required permissions to JLL (assumed JLL jar resides in that directory).

You then call the JCas server with additional options: 

java -cp $CLASSPATH \
-Djava.security.policy=/home/peter/java-security.policy \
-Djava.security.auth.login.config=/home/peter/jcas-jaas.conf \
cas.JCasServer /home/peter/jcas.xml
This will tell your JRE to use the policy files and to load the appropriate JAAS configuration you need. Make sure all libraries can be found via the classpath.

Good luck!