# javax.security.auth.spi *** **1. Get User Principal from HttpServletRequest** ```java import javax.security.auth.Subject; import javax.security.auth.spi.LoginContext; public class GetUserPrincipal { public static void main(String[] args) { try { // Get the current Subject from the HttpServletRequest Subject subject = (Subject) request.getAttribute("javax.security.auth.subject"); // Get the UserPrincipal from the Subject UserPrincipal principal = subject.getPrincipals(UserPrincipal.class).iterator().next(); // Print the UserPrincipal System.out.println("UserPrincipal: " + principal.getName()); } catch (Exception e) { e.printStackTrace(); } } } ``` **2. Get LoginModule Configuration** ```java import javax.security.auth.login.Configuration; import javax.security.auth.spi.LoginModule; public class GetLoginModuleConfiguration { public static void main(String[] args) { Configuration configuration = Configuration.getConfiguration(); for (LoginModule module : configuration.getAppConfigurationEntry("SampleLoginModule").getLoginModules()) { System.out.println("LoginModule: " + module.getClass().getName()); } } } ``` **3. Create a Custom LoginModule** ```java import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; public class CustomLoginModule implements LoginModule { @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { // Initialize the LoginModule } @Override public boolean login() throws LoginException { // Implement the login logic return true; } @Override public boolean commit() throws LoginException { // Implement the commit logic return true; } @Override public boolean abort() throws LoginException { // Implement the abort logic return true; } @Override public boolean logout() throws LoginException { // Implement the logout logic return true; } } ``` **4. Create a Custom CallbackHandler** ```java import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; public class CustomCallbackHandler implements CallbackHandler { @Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (Callback callback : callbacks) { if (callback instanceof NameCallback) { ((NameCallback) callback).setName("username"); } else if (callback instanceof PasswordCallback) { ((PasswordCallback) callback).setPassword("password".toCharArray()); } } } } ``` **5. Use the JAAS Login API** ```java import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; public class UseJAASLoginAPI { public static void main(String[] args) { try { // Create a LoginContext LoginContext loginContext = new LoginContext("SampleLoginModule", new CustomCallbackHandler()); // Login loginContext.login(); // Get the Subject Subject subject = loginContext.getSubject(); // Print the Subject System.out.println("Subject: " + subject); } catch (LoginException e) { e.printStackTrace(); } } } ``` **6. Use the JAAS Subject API** ```java import javax.security.auth.Subject; import javax.security.auth.SubjectDomainCombiner; public class UseJAASSubjectAPI { public static void main(String[] args) { // Create a Subject Subject subject = new Subject(); // Add a Principal to the Subject subject.getPrincipals().add(new UserPrincipal("username")); // Add a Credential to the Subject subject.getPrivateCredentials().add(new PasswordCredential("password".toCharArray ```