
Package javax.security.auth.login

Java 1.4

This package defines the LoginContext class, which is one of the primary JAAS classes used by application programmers. To authenticate a user, an application creates a LoginContext object, specifying the application name (used to look up the type of authentication required for that application in the Configuration) and usually specifying a javax.security.auth.callback.CallbackHandler for communication between the user and the underlying login modules. Next, the application calls the login( ) method of the LoginContext to perform the actual login. If this method returns without throwing a LoginException, then the user was successfully authenticated, and the getSubject( ) method of LoginContext returns a javax.security.auth.Subject representing the user. The code might look like this:

import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class LoginExample {
  public static void main(String[] args) {
    // Get a default GUI-based CallbackHandler
    CallbackHandler h = new com.sun.security.auth.callback.DialogCallbackHandler( );
    // Try to create a LoginContext for use with this application.
    // Initialized to null because the compiler cannot tell that System.exit( )
    // never returns, and would otherwise reject the later use of context.
    LoginContext context = null;
    try {
      context = new LoginContext("MyAppName", h);
    }
    catch(LoginException e) {
      System.err.println("LoginContext configuration error: " + e.getMessage( ));
      System.exit(-1);
    }
    // Now use that context to authenticate the user
    try {
      context.login( );
    }
    catch(LoginException e) {
      System.err.println("Authentication failed: " + e.getMessage( ));
      System.exit(-1);  // Or we could allow them to try again.
    }
    // If we get here, authentication was successful, so get the Subject that
    // represents the authenticated user.
    Subject subject = context.getSubject( );
  }
}

To make this kind of authentication work correctly, a fair bit of configuration is required in various files in the jre/lib/security directory of the Java installation and possibly elsewhere. In particular, a login configuration file is required to specify which login modules are required to authenticate users for a particular application (some applications may require more than one). Describing how to do this is beyond the scope of this reference; see the Configuration class, however, for a run-time representation of the login configuration information.

Classes

public class AppConfigurationEntry;
public static class AppConfigurationEntry.LoginModuleControlFlag;
public abstract class Configuration;
public class LoginContext;

Exceptions

public class LoginException extends java.security.GeneralSecurityException;
   public class AccountException extends LoginException;
      public class AccountExpiredException extends AccountException;
      public class AccountLockedException extends AccountException;
      public class AccountNotFoundException extends AccountException;
   public class CredentialException extends LoginException;
      public class CredentialExpiredException extends CredentialException;
      public class CredentialNotFoundException extends CredentialException;
   public class FailedLoginException extends LoginException;
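
The following is an added example, not code from the original reference: it installs a Configuration at run time in place of the login configuration file, so that "MyAppName" resolves to one REQUIRED login module, and it shows how an application can tell the LoginException subclasses listed above apart while giving the user the same refusal for each. ConfiguredLogin, DemoModule, attempt( ) and the accounts alice, bob and eve are constructed for illustration, and the code uses Java 8 syntax.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
public class ConfiguredLogin {
  // Hypothetical module with constructed accounts: alice/secret is valid, bob is locked.
  public static class DemoModule implements javax.security.auth.spi.LoginModule {
    private Subject subject; private CallbackHandler handler;
    public void initialize(Subject s, CallbackHandler h, Map<String,?> shared, Map<String,?> opts) {
      subject = s; handler = h;
    }
    public boolean login() throws LoginException {
      NameCallback n = new NameCallback("user");
      PasswordCallback p = new PasswordCallback("password", false);
      try { handler.handle(new Callback[] { n, p }); }
      catch (Exception e) { throw new LoginException("callback error: " + e); }
      if ("bob".equals(n.getName())) throw new AccountLockedException("locked");
      if (!"alice".equals(n.getName())) throw new AccountNotFoundException("unknown");
      if (!Arrays.equals(p.getPassword(), "secret".toCharArray())) throw new FailedLoginException("bad password");
      return true;
    }
    public boolean commit() { return subject.getPrincipals().add(new javax.security.auth.x500.X500Principal("CN=alice")); }
    public boolean abort() { return true; }
    public boolean logout() { subject.getPrincipals().clear(); return true; }
  }
  // One attempt. The exception subclass is for the log; every refusal reads the same to the user.
  static String attempt(String name, String password) throws LoginException {
    CallbackHandler h = callbacks -> {
      for (Callback c : callbacks)
        if (c instanceof NameCallback) ((NameCallback) c).setName(name);
        else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(password.toCharArray());
    };
    LoginContext context = new LoginContext("MyAppName", h);  // throws if no entry is configured
    try {
      context.login();
      return "authenticated as " + context.getSubject().getPrincipals();
    } catch (AccountException | CredentialException | FailedLoginException e) {
      return "login refused [log only: " + e.getClass().getSimpleName() + "]";
    }
  }
  public static void main(String[] args) throws LoginException {
    AppConfigurationEntry entry = new AppConfigurationEntry(DemoModule.class.getName(),
        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String,Object>());
    Configuration.setConfiguration(new Configuration() {  // stands in for the configuration file
      public AppConfigurationEntry[] getAppConfigurationEntry(String app) {
        return "MyAppName".equals(app) ? new AppConfigurationEntry[] { entry } : null;
      }
    });
    for (String[] t : new String[][] { {"alice","secret"}, {"alice","guess"}, {"bob","x"}, {"eve","x"} })
      System.out.println(t[0] + ": " + attempt(t[0], t[1]));
  }
}
```

Keeping the subclass name out of the text shown to the user avoids telling a caller which account names exist or are locked, while the log still records the precise reason.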
