JAAS Book

JAAS Overview

JAAS is the Java Authentication and Authorization Service bundled in Java SE. JAAS can be used to provide user management and permissioning. The authorization service allows you to "log in" a user and specify which "identities" (groups or multiple users pulled in from different systems) a logged in user has. The authentication system allows you to specify which permissions a user's identity has and then check for that permission before executing any Java code.

The end result, ideally, is a user security system that provides the base level of user management along with a plugin architecture to integrate with various identity silos. In reality, it's a bit more tedious than that, esp. for mutli-user, non-desktop oriented applications.

Free Book

This site contains the book I wrote sometime back about the Java Authentication and Authorization Service, or JAAS. The book could do with some copy-editing, and even some more content. Despite those short-comings, the book covers the basics of JAAS, and then quickly goes into how to write database backed versions of JAAS service classes such as Policy, Configuration, and LoginModule.

Over the years, the "static" nature of JAAS always bugged me, and I spent this book figuring out how to make JAAS more dynamic.

History

I wrote this book for Manning Publications, but many of the final reviews said "I wouldn't pay $40-50 for this book." And, indeed, I'm not sure it would sell too briskly.

On the other hand, this means that you now have access to the book for free. Like I said, it's somewhat unfinished, butfor a free book on JAAS, I think you'll find it informative and worth while if you're using or interested in JAAS.

Table of Contents

The chapters are currently available as PDFs:

• 01 - Introducing JAAS (PDF)
• 02 - Two Quick Examples (PDF)
• 03 - Authentication (PDF)
• 04 - Database-backed Authentication PDF)
• 05 - Permisions and Access Control (PDF)
• 06 - A Custom Policy (PDF)
• 07 - Authentication Base Classes (PDF)
• 08 - JAAS for Data Access Control (PDF)
• 09 - JAAS in Web Applications (PDF)
• 10 - Extending JAAS Integration in Web Applications (PDF)

Source Code

The code in the book is available as a zip download.

Support

If you found this book helpful, consider a small donation:

Feedback

I'd actually love to hear any feedback you have. Please send comments to jaasbook@coteindustries.com.

About the Author

I'm Coté. Check out my weblog and podcast at DrunkAndRetired.com.

Chip Holden spent quite a lot of time helping to re-write chapters one and two.

And, thanks to all the people who took time to review and comment on the book!