Java Authentication and Authorization Service (JAAS) is the Java implementation that is based on the standard Pluggable Authentication Module (PAM) information security framework that is available as an extension library in Java 1.3. The aim of JAAS is to separate the user authentication layer from core applications so that the security-related features can be managed independently. JAAS is a combination of representation of identity called principal and a set of credentials called subject. The login service invokes the application callbacks to get the user inputs such as username and password. The login module of JAAS is primarily concerned with authentication and has methods such as init
, login
, commit
, abort
, and logout
.
Spring Security provides a package that is able to delegate authentication requests to JAAS. Spring Security's authentication mechanism is responsible for populating the username and password that is taken from the user...