Chapter 9 Using the JAAS API

JAAS in EAServer

Over time, you may need to modify or replace authentication infrastructure due to deficiencies, enhancements, or applications requiring a different security policy. EAServer support for JAAS login modules simplifies replacement and modification of the underlying authentication mechanism.

Configure server-wide login modules that are used to authenticate clients trying to gain access to applications, Web applications, and servlets/JSPs. Figure 9-1 illustrates how JAAS is enabled on EAServer. The com.sybase.jaguar.server.jaas.config server property (defined in Jaguar Manager) points to the JAAS configuration file, which determines the login module to use for a specific server.

The configuration file requires a section with the same name as the server specified by the com.sybase.jaguar.server.name property. EAServer invokes any configured login modules. If a login module is not defined, then JAAS is bypassed and the server uses the regular mechanism, if any, for authentication. For example, if credentials are passed to a server and no login module is defined, the server uses operating system authentication, if enabled.

If a login module is defined, it overrides any other authentication service that may be installed, and passes the request for authentication to the login module.

Figure 9-1: EAServer login design

Enabling JAAS on EAServer

Start EAServer with JDK 1.3. See the EAServer System Administration Guide for more information.

Specifying the JAAS configuration file enables JAAS. In Jaguar Manager:

  1. Highlight the Servers folder.
  2. Highlight the server for which you are identifying the configuration file.
  3. Select File | Server Properties, and highlight the Security tab.
  4. In the JAAS Configuration File window, enter the name of the JAAS configuration file, or use the browse button to search for the file.

    You can verify the JAAS configuration file setting in the All Properties tab by viewing the com.sybase.jaguar.server.jaas.config property.

    Note   To disable JAAS, remove the entry from the JAAS Configuration File window.

This message indicates that JAAS is disabled, or there is a JAAS error; for example, the configuration file is not valid, or there is a problem loading the login module:

May 30 16:30:35 2001: Note: No configuration found for 'Jaguar' in the JAAS configuration file. 
May 30 16:30:35 2001: WARNING: JAAS setup for Authentication is ignored.
Your EAServer installation contains a sample JAAS configuration file, jaas.cfg, in the html/classes/Sample/JAAS directory.

 

Copyright © 2002 Sybase, Inc. All rights reserved.