aspose file tools*
The moose likes Security and the fly likes Setting JAAS Configuration file programmatically Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Setting JAAS Configuration file programmatically" Watch "Setting JAAS Configuration file programmatically" New topic
Author

Setting JAAS Configuration file programmatically

Ed Zeval
Greenhorn

Joined: Jun 19, 2008
Posts: 21
Hi,

I was wondering if there was a way of setting the JAAS configuration programmatically. What I mean is that instead of having some jaas.conf file that specifies, say:

SampleLogin {
Krb5LoginModule required debug=true;
};

if there is a way to set it in the code. As far as I'm concerned, the LoginContext just takes the jaas.conf file and creates a Configuration out of it. I've tried to create a Configuration object with the necessary parameters in my code, but I have failed miserably.

Also, right now I'm running my code with some flags like "-Djava.security.etc=some_stuff".. Is there a way to specify these in the code too?

Any help much appreciated!
Ed Zeval
Greenhorn

Joined: Jun 19, 2008
Posts: 21
Alright... For the second question I can just use System.setProperty()

Does anyone know anything about the first question?
K Aditi
Ranch Hand

Joined: Mar 17, 2008
Posts: 89
Will storing the configuration in database instead of a flat file going to serve your purpose?In this way you can dynamically set the configuration.You can extend the javax.security.auth.login.Configuration class for this purpose.
[ June 19, 2008: Message edited by: K Aditi ]

Aditi
Ed Zeval
Greenhorn

Joined: Jun 19, 2008
Posts: 21
Hmmm... I didn't quite understand.. Can you provide more details?

That would be better, but I want to avoid accessing a file system as much as possible.

Thanks!
K Aditi
Ranch Hand

Joined: Mar 17, 2008
Posts: 89
I want to avoid accessing a file system as much as possible.

Hmmm...I am afraid, what I had in mind will not help you much. Anyways what I meant was, you can extend the javax.security.auth.login.Configuration class such that it reads the configuration from the database which is usually stored in .conf flat file.

By the way if you "store" the configuration in your code, it will have to be compiled every time for a small change.I hope you have considered that point.

Hope this helps.
Ed Zeval
Greenhorn

Joined: Jun 19, 2008
Posts: 21
Hmm.. I'm still a bit confused. Let me try to explain myself better and please correct any wrong assumptions I've made.

As the javax.security.auth.login.Configuration javadocs state, at any given time, there is one Configuration object installed. I assume that this Configuration object is constructed by taking the configuration file (by accessing the java.security.auth.login.config java property) and parsing it.

If this is correct, then I should also be able to create a Configuration object named myConf, and then call Configuration.setConfiguration(myConf).

So, how do I create a Configuration?

First of all, Configuration is an abstract class, so rather than coding up my own implementation, I would prefer to use the existing one--the one LoginContext reads. Do you know which class this is?

However, creating an entirely new Configuration might have undesired effects. Thus, I would prefer to modify the existing Configuration. Supposedly, I can access the existing configuration by calling Configuration.getConfiguration(), but I keep getting a NullPointerException when I try to do that... I've also been unable to create a new Configuration by calling the Configuration.getInstance() method.

Any thoughts?
Ed Zeval
Greenhorn

Joined: Jun 19, 2008
Posts: 21
Problem solved.

I implemented MyConfig extends Configuration, and then passed an instance of it to the constructor of the LoginContext.

Thanks!
K Aditi
Ranch Hand

Joined: Mar 17, 2008
Posts: 89
Now I am a bit confused here.
I implemented MyConfig extends Configuration, and then passed an instance of it to the constructor of the LoginContext.

But LoginContext does not take Configuration as an argument in its constructor.Did you extend LoginContext too?Just curious to know, does the LoginContext gets instantiated?
Ed Zeval
Greenhorn

Joined: Jun 19, 2008
Posts: 21
Hi,

Yes, the LoginContext can be instantiated with a Configuration. In fact, it has 4 constructors. Altogether, you can specify: the entry name in the configuration, a Subject, a CallbackHandler, and a Configuration.
Ed Zeval
Greenhorn

Joined: Jun 19, 2008
Posts: 21
Oh... I see where your confusion comes from.

The LoginContext javadocs you just posted are from Java 1.4.. If you look at the Java 6 docs (here) you'll find the constructor I just talked about.
K Aditi
Ranch Hand

Joined: Mar 17, 2008
Posts: 89
Thanks Ed. I should have checked the latest specs.
[ June 26, 2008: Message edited by: K Aditi ]
Juanjo Cuadrado
Greenhorn

Joined: Jun 27, 2011
Posts: 18

Ed Zeval wrote:... and then passed an instance of it to the constructor of the LoginContext.


I'm sorry but I do not understand how you can call this constructor of the LoginContext.... Can you help me, please?
priya sti
Greenhorn

Joined: Feb 14, 2014
Posts: 1

Hi Ed Zeval ,

Could you please explain in detail how you have extended Configuration class and what configurations you have provided to it.
thanks !

regards,

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Setting JAAS Configuration file programmatically
 
Similar Threads
weblogic 10 and jsp and jaas
JAAS/LDAP question
No LoginModules configured
looking for a simple configuration file (JAAS)
JAAS programatically