# javax.security.auth.login *** **1. Authenticating a User with a Password** ```java import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; public class PasswordAuthentication { public static void main(String[] args) { String username = "username"; String password = "password"; try { LoginContext lc = new LoginContext("LoginModule", new CallbackHandlerImpl(username, password)); lc.login(); System.out.println("Authentication successful!"); } catch (LoginException e) { System.err.println("Authentication failed: " + e.getMessage()); } } } ``` **2. Implementing a Custom Login Module** ```java import javax.security.auth.spi.LoginModule; public class CustomLoginModule implements LoginModule { @Override public boolean login() { // Implement custom authentication logic here return true; } @Override public boolean commit() { // Implement custom commit logic here return true; } @Override public boolean abort() { // Implement custom abort logic here return true; } @Override public boolean logout() { // Implement custom logout logic here return true; } } ``` **3. Getting the Current Subject** ```java import javax.security.auth.Subject; public class GetCurrentSubject { public static void main(String[] args) { Subject subject = Subject.getSubject(AccessController.getContext()); System.out.println("Current Subject: " + subject); } } ``` **4. Adding a Principal to the Subject** ```java import javax.security.auth.Subject; import javax.security.auth.login.Principal; public class AddPrincipalToSubject { public static void main(String[] args) { Subject subject = new Subject(); subject.getPrincipals().add(new PrincipalImpl("username")); System.out.println("Subject with added principal: " + subject); } } ``` **5. Checking for a Specific Principal** ```java import javax.security.auth.Subject; import javax.security.auth.login.Principal; public class CheckForPrincipal { public static void main(String[] args) { Subject subject = Subject.getSubject(AccessController.getContext()); Principal principal = new PrincipalImpl("username"); boolean hasPrincipal = subject.getPrincipals().contains(principal); System.out.println("Subject has principal: " + hasPrincipal); } } ``` **6. Getting the Subject from a Callback** ```java import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; public class GetSubjectCallback implements CallbackHandler { private String username; private String password; public GetSubjectCallback(String username, String password) { this.username = username; this.password = password; } @Override public void handle(Callback[] callbacks) { for (Callback callback : callbacks) { if (callback instanceof NameCallback) { ((NameCallback) callback).setName(username); } else if (callback instanceof PasswordCallback) { ((PasswordCallback) callback).setPassword(password.toCharArray()); } } } public static void main(String[] args) { String username = "username"; String password = "password"; try { LoginModule loginModule = new LoginModuleImpl(new GetSubjectCallback(username, password)); LoginContext lc = new LoginContext("LoginModule", loginModule); lc.login(); Subject subject = lc.getSubject(); System.out.println("Subject: " + subject); } catch (LoginException e) { System.err.println("Authentication failed: " + e.getMessage()); } } } ``` **7. Configuring Login Modules in Java Security Manager** ```java import javax.security.auth.login.Configuration; public class ConfigureLoginModules { public void setCustomLoginConfiguration() { Configuration configuration = new Configuration() { @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { // Configure custom login modules here return new AppConfigurationEntry[0]; } }; SecurityManager securityManager = new SecurityManager() { @Override protected AppConfigurationEntry[] getAppConfigurationEntry(String name) { return configuration.getAppConfigurationEntry(name); } }; System.setSecurityManager(securityManager); } } ``` **8. Using JAAS Authorization** ```java import javax.security.auth.Subject; import javax.security.auth.authorization.AuthorizationException; import javax.security.auth.authorization.Policy; import javax.security.auth.authorization.Resource; import javax.security.auth.authorization.Resources; import javax.security.auth.authorization.StandardAuthorizationManager; public class JaasAuthorization { public static void main(String[] args) { Subject subject = new Subject(); subject.getPrincipals().add(new PrincipalImpl("user")); Resource resource = new ResourceImpl("file"); Policy policy = new PolicyImpl(); StandardAuthorizationManager manager = new StandardAuthorizationManager(policy); boolean isAuthorized; try { isAuthorized = manager.isAuthorized(subject, Resources.from(resource), "read"); System.out.println("User is authorized: " + isAuthorized); } catch (AuthorizationException e) { System.err.println("Authorization failed: " + e.getMessage()); } } } ``` **9. Implementing a Custom Permission** ```java import javax.security.auth.Permission; public class CustomPermission extends Permission { private String target; public CustomPermission(String target) { super("custom"); this.target = target; } @Override public boolean implies(Permission p) { // Implement custom implies logic here return false; } @Override public boolean equals(Object obj) { // Implement custom equals logic here return false; } @Override public int hashCode() { // Implement custom hash code logic here return 0; } } ``` **10. Using ACLs for Fine-Grained Access Control** ```java import javax.security.acl.Acl; import javax.security.acl.AclEntry; import javax.security.acl.AclNotFoundException; import javax.security.acl.Group; import javax.security.acl.Permission; import javax.security.acl.PermissionImpl; import javax.security.acl.Principal; import javax.security.acl.Role; public class Acls { public static void main(String[] args) throws AclNotFoundException { // Create a new ACL Acl acl = new AclImpl(new GtidImpl()); // Add an entry to the ACL AclEntry entry = new AclEntryImpl(new PrincipalImpl("user"), new PermissionImpl("read")); acl.addEntry(entry); // Get the roles assigned to the user Group group = new RoleImpl("admins"); for (Principal principal : acl.getPrincipals(group)) { System.out.println("User is assigned role: " + principal.getName()); } } } ``` **11. Using the Credential Management Framework** ```java import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.TextInputCallback; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; public class CredentialManagementFramework { public static void main(String[] args) { LoginContext lc = null; try { // Create a callback handler to handle user prompts CallbackHandler callbackHandler = new CallbackHandlerImpl(); // Create a login context using the callback handler lc = new LoginContext("LoginModule", callbackHandler); // Login the user lc.login(); // Get the credentials obtained from the login process Callback[] callbacks = callbackHandler.getCallbacks(); for (Callback callback : callbacks) { if (callback instanceof NameCallback) { System.out.println("Username: " + ((NameCallback) callback).getName()); } else if (callback instanceof PasswordCallback) { System.out.println("Password: " + new String(((PasswordCallback) callback).getPassword())); } else if (callback instanceof TextInputCallback) { System.out.println("Additional input: " + ((TextInputCallback) callback).getText()); } } } catch (LoginException e) { System.err.println("Authentication failed: " + e.getMessage()); } finally { if (lc != null) { try { lc.logout(); } catch (LoginException e) { System.err.println("Logout failed: " + e.getMessage()); } } } } } ``` **12. Using a KeyStore to Store Private Keys** ```java import java.security.KeyStore; import java.security.PrivateKey; import java.security.cert.Certificate; public class KeyStoreUsage { public static void main(String[] args) throws Exception { // Create a key store KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null, null); // Add a private key to the key store PrivateKey privateKey = ...; Certificate certificate = ...; String alias = "mykey"; keyStore.setKeyEntry(alias, privateKey, null, new Certificate[] { certificate }); // Retrieve the private key from the key store PrivateKey retrievedKey = (PrivateKey) keyStore.getKey(alias, null); // Use the retrieved private key ... } } ``` **13. Using a Trust Store to Validate Certificates** ```java import java.security.KeyStore; import java.security.cert.Certificate; public class TrustStoreUsage { public static void main(String[] args) throws Exception { // Create a trust store KeyStore trustStore = KeyStore.getInstance("JKS"); trustStore.load(null, null); // Add a certificate to the trust store Certificate certificate = ...; String alias = "mytrust"; trustStore.setCertificateEntry(alias, certificate); // Retrieve the certificate from the trust store and use it to validate other certificates ... } } ``` **14. Using JCE to Secure Data** ```java import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; public class JceUsage { public static void main(String[] args) throws Exception { // Generate a secret key KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); SecretKey key = keyGenerator.generateKey(); // Encrypt data using the secret key Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); byte[] encryptedData = cipher.doFinal("hello world".getBytes()); // Decrypt data using the secret key cipher.init(Cipher.DECRYPT_MODE, key); byte[] decryptedData = cipher.doFinal(encryptedData); // The decrypted data should be "hello world" System.out.println(new String(decryptedData)); } } ``` **15. Using PKI to Establish Trust** ```java import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.security.cert.X509CRL; import java.security.cert.X509CertSelector; import java.security.cert.X509Certificate; public class PkiUsage { public static void main(String[] args) throws Exception { // Create a certificate factory CertificateFactory cf = CertificateFactory.getInstance("X.509"); // Create a certificate selector X509CertSelector selector = new X509CertSelector(); // Add a certificate to the selector Certificate certificate = ...; selector.setCertificate(certificate); // Create a PKIX parameters to validate the certificate PKIXParameters params = new PKIXParameters(Arrays.asList(new TrustAnchor(certificate, null))); // Use the PKIX parameters to validate the certificate PKIXCertPathValidator validator = PKIXCertPathValidator.getInstance("PKIX"); CertPath path = CertPathBuilder.getInstance("PKIX").build(selector); validator.validate(path, params); // The certificate is now considered trusted } } ``` **16. Using SSL/TLS for Secure Communication** ```java import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLSocketFactory; public class SslTlsUsage { public static void main(String[] args) throws Exception { // Create a SSL context SSLContext context = SSLContext.getInstance("TLS"); // Initialize the SSL context with key store and trust store KeyStore keyStore = KeyStore.getInstance("JKS"); KeyStore trustStore = KeyStore.getInstance("JKS"); char[] password = "password".toCharArray(); keyStore.load(new FileInputStream("keystore.jks"), password); trustStore.load(new FileInputStream("truststore.jks"), password); context.init(keyManagers, trustManagers, null); // Create a server socket factory and a client socket factory SSLServerSocketFactory serverFactory = context.getServerSocketFactory(); SSLSocketFactory clientFactory = context.getSocketFactory(); // Create a server socket and a client socket ServerSocket serverSocket = serverFactory.createServerSocket(443); Socket clientSocket = clientFactory.createSocket("localhost", 443); // Communicate over the secure sockets ... } } ``` **17. Using JAAS with Web Services** ```java import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; public class JaasWebServices { public static void main(String[] args) { LoginContext lc = null; try { // Create a callback handler to handle user prompts CallbackHandler callbackHandler = new CallbackHandlerImpl(); // Create a login context using the callback handler lc = new LoginContext("LoginModule", callbackHandler); // Login the user lc.login(); // Get the subject obtained from the login process Subject subject = lc.getSubject(); // Use the subject to access web services ... } catch (LoginException e) { System.err.println("Authentication failed: " + e.getMessage()); } finally { if (lc != null) { try { lc.logout(); } catch (LoginException e) { System.err.println("Logout failed: " + e.getMessage()); ```