javax.security.auth.login

1. Authenticating a User with a Password

import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class PasswordAuthentication {

    public static void main(String[] args) {
        String username = "username";
        String password = "password";

        try {
            LoginContext lc = new LoginContext("LoginModule", new CallbackHandlerImpl(username, password));
            lc.login();
            System.out.println("Authentication successful!");
        } catch (LoginException e) {
            System.err.println("Authentication failed: " + e.getMessage());
        }
    }
}

2. Implementing a Custom Login Module

import javax.security.auth.spi.LoginModule;

public class CustomLoginModule implements LoginModule {

    @Override
    public boolean login() {
        // Implement custom authentication logic here
        return true;
    }

    @Override
    public boolean commit() {
        // Implement custom commit logic here
        return true;
    }

    @Override
    public boolean abort() {
        // Implement custom abort logic here
        return true;
    }

    @Override
    public boolean logout() {
        // Implement custom logout logic here
        return true;
    }
}

3. Getting the Current Subject

import javax.security.auth.Subject;

public class GetCurrentSubject {

    public static void main(String[] args) {
        Subject subject = Subject.getSubject(AccessController.getContext());
        System.out.println("Current Subject: " + subject);
    }
}

4. Adding a Principal to the Subject

import javax.security.auth.Subject;
import javax.security.auth.login.Principal;

public class AddPrincipalToSubject {

    public static void main(String[] args) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new PrincipalImpl("username"));
        System.out.println("Subject with added principal: " + subject);
    }
}

5. Checking for a Specific Principal

import javax.security.auth.Subject;
import javax.security.auth.login.Principal;

public class CheckForPrincipal {

    public static void main(String[] args) {
        Subject subject = Subject.getSubject(AccessController.getContext());
        Principal principal = new PrincipalImpl("username");
        boolean hasPrincipal = subject.getPrincipals().contains(principal);
        System.out.println("Subject has principal: " + hasPrincipal);
    }
}

6. Getting the Subject from a Callback

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class GetSubjectCallback implements CallbackHandler {

    private String username;
    private String password;

    public GetSubjectCallback(String username, String password) {
        this.username = username;
        this.password = password;
    }

    @Override
    public void handle(Callback[] callbacks) {
        for (Callback callback : callbacks) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(username);
            } else if (callback instanceof PasswordCallback) {
                ((PasswordCallback) callback).setPassword(password.toCharArray());
            }
        }
    }

    public static void main(String[] args) {
        String username = "username";
        String password = "password";

        try {
            LoginModule loginModule = new LoginModuleImpl(new GetSubjectCallback(username, password));
            LoginContext lc = new LoginContext("LoginModule", loginModule);
            lc.login();
            Subject subject = lc.getSubject();
            System.out.println("Subject: " + subject);
        } catch (LoginException e) {
            System.err.println("Authentication failed: " + e.getMessage());
        }
    }
}

7. Configuring Login Modules in Java Security Manager

import javax.security.auth.login.Configuration;

public class ConfigureLoginModules {

    public void setCustomLoginConfiguration() {
        Configuration configuration = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                // Configure custom login modules here
                return new AppConfigurationEntry[0];
            }
        };

        SecurityManager securityManager = new SecurityManager() {
            @Override
            protected AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return configuration.getAppConfigurationEntry(name);
            }
        };

        System.setSecurityManager(securityManager);
    }
}

8. Using JAAS Authorization

import javax.security.auth.Subject;
import javax.security.auth.authorization.AuthorizationException;
import javax.security.auth.authorization.Policy;
import javax.security.auth.authorization.Resource;
import javax.security.auth.authorization.Resources;
import javax.security.auth.authorization.StandardAuthorizationManager;

public class JaasAuthorization {

    public static void main(String[] args) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new PrincipalImpl("user"));

        Resource resource = new ResourceImpl("file");

        Policy policy = new PolicyImpl();
        StandardAuthorizationManager manager = new StandardAuthorizationManager(policy);

        boolean isAuthorized;
        try {
            isAuthorized = manager.isAuthorized(subject, Resources.from(resource), "read");
            System.out.println("User is authorized: " + isAuthorized);
        } catch (AuthorizationException e) {
            System.err.println("Authorization failed: " + e.getMessage());
        }
    }
}

9. Implementing a Custom Permission

import javax.security.auth.Permission;

public class CustomPermission extends Permission {

    private String target;

    public CustomPermission(String target) {
        super("custom");
        this.target = target;
    }

    @Override
    public boolean implies(Permission p) {
        // Implement custom implies logic here
        return false;
    }

    @Override
    public boolean equals(Object obj) {
        // Implement custom equals logic here
        return false;
    }

    @Override
    public int hashCode() {
        // Implement custom hash code logic here
        return 0;
    }
}

10. Using ACLs for Fine-Grained Access Control

import javax.security.acl.Acl;
import javax.security.acl.AclEntry;
import javax.security.acl.AclNotFoundException;
import javax.security.acl.Group;
import javax.security.acl.Permission;
import javax.security.acl.PermissionImpl;
import javax.security.acl.Principal;
import javax.security.acl.Role;

public class Acls {

    public static void main(String[] args) throws AclNotFoundException {
        // Create a new ACL
        Acl acl = new AclImpl(new GtidImpl());

        // Add an entry to the ACL
        AclEntry entry = new AclEntryImpl(new PrincipalImpl("user"), new PermissionImpl("read"));
        acl.addEntry(entry);

        // Get the roles assigned to the user
        Group group = new RoleImpl("admins");
        for (Principal principal : acl.getPrincipals(group)) {
            System.out.println("User is assigned role: " + principal.getName());
        }
    }
}

11. Using the Credential Management Framework

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class CredentialManagementFramework {

    public static void main(String[] args) {
        LoginContext lc = null;

        try {
            // Create a callback handler to handle user prompts
            CallbackHandler callbackHandler = new CallbackHandlerImpl();

            // Create a login context using the callback handler
            lc = new LoginContext("LoginModule", callbackHandler);

            // Login the user
            lc.login();

            // Get the credentials obtained from the login process
            Callback[] callbacks = callbackHandler.getCallbacks();
            for (Callback callback : callbacks) {
                if (callback instanceof NameCallback) {
                    System.out.println("Username: " + ((NameCallback) callback).getName());
                } else if (callback instanceof PasswordCallback) {
                    System.out.println("Password: " + new String(((PasswordCallback) callback).getPassword()));
                } else if (callback instanceof TextInputCallback) {
                    System.out.println("Additional input: " + ((TextInputCallback) callback).getText());
                }
            }
        } catch (LoginException e) {
            System.err.println("Authentication failed: " + e.getMessage());
        } finally {
            if (lc != null) {
                try {
                    lc.logout();
                } catch (LoginException e) {
                    System.err.println("Logout failed: " + e.getMessage());
                }
            }
        }
    }
}

12. Using a KeyStore to Store Private Keys

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;

public class KeyStoreUsage {

    public static void main(String[] args) throws Exception {
        // Create a key store
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);

        // Add a private key to the key store
        PrivateKey privateKey = ...;
        Certificate certificate = ...;
        String alias = "mykey";
        keyStore.setKeyEntry(alias, privateKey, null, new Certificate[] { certificate });

        // Retrieve the private key from the key store
        PrivateKey retrievedKey = (PrivateKey) keyStore.getKey(alias, null);

        // Use the retrieved private key ...
    }
}

13. Using a Trust Store to Validate Certificates

import java.security.KeyStore;
import java.security.cert.Certificate;

public class TrustStoreUsage {

    public static void main(String[] args) throws Exception {
        // Create a trust store
        KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(null, null);

        // Add a certificate to the trust store
        Certificate certificate = ...;
        String alias = "mytrust";
        trustStore.setCertificateEntry(alias, certificate);

        // Retrieve the certificate from the trust store and use it to validate other certificates ...
    }
}

14. Using JCE to Secure Data

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class JceUsage {

    public static void main(String[] args) throws Exception {
        // Generate a secret key
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        SecretKey key = keyGenerator.generateKey();

        // Encrypt data using the secret key
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] encryptedData = cipher.doFinal("hello world".getBytes());

        // Decrypt data using the secret key
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] decryptedData = cipher.doFinal(encryptedData);

        // The decrypted data should be "hello world"
        System.out.println(new String(decryptedData));
    }
}

15. Using PKI to Establish Trust

import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;

public class PkiUsage {

    public static void main(String[] args) throws Exception {
        // Create a certificate factory
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // Create a certificate selector
        X509CertSelector selector = new X509CertSelector();

        // Add a certificate to the selector
        Certificate certificate = ...;
        selector.setCertificate(certificate);

        // Create a PKIX parameters to validate the certificate
        PKIXParameters params = new PKIXParameters(Arrays.asList(new TrustAnchor(certificate, null)));

        // Use the PKIX parameters to validate the certificate
        PKIXCertPathValidator validator = PKIXCertPathValidator.getInstance("PKIX");
        CertPath path = CertPathBuilder.getInstance("PKIX").build(selector);
        validator.validate(path, params);

        // The certificate is now considered trusted
    }
}

16. Using SSL/TLS for Secure Communication

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;

public class SslTlsUsage {

    public static void main(String[] args) throws Exception {
        // Create a SSL context
        SSLContext context = SSLContext.getInstance("TLS");

        // Initialize the SSL context with key store and trust store
        KeyStore keyStore = KeyStore.getInstance("JKS");
        KeyStore trustStore = KeyStore.getInstance("JKS");
        char[] password = "password".toCharArray();
        keyStore.load(new FileInputStream("keystore.jks"), password);
        trustStore.load(new FileInputStream("truststore.jks"), password);
        context.init(keyManagers, trustManagers, null);

        // Create a server socket factory and a client socket factory
        SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
        SSLSocketFactory clientFactory = context.getSocketFactory();

        // Create a server socket and a client socket
        ServerSocket serverSocket = serverFactory.createServerSocket(443);
        Socket clientSocket = clientFactory.createSocket("localhost", 443);

        // Communicate over the secure sockets ...
    }
}

17. Using JAAS with Web Services

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class JaasWebServices {

    public static void main(String[] args) {
        LoginContext lc = null;

        try {
            // Create a callback handler to handle user prompts
            CallbackHandler callbackHandler = new CallbackHandlerImpl();

            // Create a login context using the callback handler
            lc = new LoginContext("LoginModule", callbackHandler);

            // Login the user
            lc.login();

            // Get the subject obtained from the login process
            Subject subject = lc.getSubject();

            // Use the subject to access web services ...
        } catch (LoginException e) {
            System.err.println("Authentication failed: " + e.getMessage());
        } finally {
            if (lc != null) {
                try {
                    lc.logout();
                } catch (LoginException e) {
                    System.err.println("Logout failed: " + e.getMessage());

Previousjavax.security.auth.kerberos Nextjavax.security.auth