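What is JAAS, anyway?

Java Authentication and Authorization Service. Being told it is the "Java authentication and authorization service" doesn't really tell me much, so once again I'll start by checking what the specification says.

J2EE 1.3 specification, page 10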

JAAS enables services to authenticate and enforce access controls upon users. It implements a Java technology version of the standard Pluggable Authentication Module (PAM) framework, and extends the access control architecture of the Java 2 Platform in a compatible fashion to support user-based authorization.

So it is apparently a Java implementation of the so-called PAM framework. "A Java implementation of X, plus a few extensions" is a common pattern.

PAM is a mystery to me, so I looked into it further.

http://publib.boulder.ibm.com/infocenter/pseries/index.jsp?topic=/com.ibm.aix.doc/aixbman/security/pam_overview.htm

Pluggable Authentication Modules

The pluggable authentication module (PAM) framework provides system administrators with the ability to incorporate multiple authentication mechanisms into an existing system through the use of pluggable modules. Applications enabled to make use of PAM can be plugged-in to new technologies without modifying the existing applications. This flexibility allows administrators to do the following:

Select any authentication service on the system for an application
Use multiple authentication mechanisms for a given service
Add new authentication service modules without modifying existing applications
Use a previously entered password for authentication with multiple modules

The PAM framework consists of a library, pluggable modules, and a configuration file. The PAM library implements the PAM application programming interface (API) and serves to manage PAM transactions and invoke the PAM service programming interface (SPI) defined in the pluggable modules. Pluggable modules are dynamically loaded by the library based on the invoking service and its entry in the configuration file. Success is determined not only by the pluggable module but also by the behavior defined for the service. Through the concept of stacking, a service can be configured to authenticate through multiple authentication methods. If supported, modules can also be configured to use a previously submitted password rather than prompting for additional input.

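"Pluggable authentication modules": you can more or less guess it from the name, and that is pretty much what it is. It is a way of making authentication modules more independent and more general-purpose, so that the form and content of authentication can be changed without modifying the existing system.

I'm starting to get a rough idea of what JAAS is.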
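
The following is an added example, not code from the original post or from the J2EE specification. It shows the PAM ideas quoted above (pluggable modules, stacking, and success depending on the behavior configured for the service) using the JAAS API. `JaasStackDemo`, `FixedPasswordModule`, its `expected` option and the sample passwords are hypothetical, and the configuration is supplied programmatically in place of a login configuration file. Only the stack passed to `tryLogin` changes between the four calls; the application code stays the same.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class JaasStackDemo {
    // Hypothetical pluggable module: accepts only the password in its "expected" option.
    public static class FixedPasswordModule implements LoginModule {
        private CallbackHandler handler; private String expected; private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            handler = h; expected = (String) opts.get("expected");
        }
        public boolean login() throws LoginException {
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { pc }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            ok = expected.equals(new String(pc.getPassword()));
            if (!ok) throw new FailedLoginException("password rejected");
            return true;
        }
        public boolean commit() { return ok; }   // false means "ignore this module"
        public boolean abort()  { ok = false; return true; }
        public boolean logout() { ok = false; return true; }
    }
    // One entry of the "configuration file": which module, with which control flag.
    static AppConfigurationEntry entry(String expected, LoginModuleControlFlag flag) {
        return new AppConfigurationEntry(FixedPasswordModule.class.getName(), flag, Map.of("expected", expected));
    }
    // The "application": it asks the framework to log in and never names a module.
    static boolean tryLogin(String password, AppConfigurationEntry... stack) {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; }
        };
        CallbackHandler h = cbs -> { for (Callback c : cbs) ((PasswordCallback) c).setPassword(password.toCharArray()); };
        try { new LoginContext("demo", new Subject(), h, cfg).login(); return true; }
        catch (LoginException e) { return false; }
    }
    public static void main(String[] args) {
        LoginModuleControlFlag REQ = LoginModuleControlFlag.REQUIRED, SUF = LoginModuleControlFlag.SUFFICIENT;
        // Constructed sample passwords "alpha" and "beta".
        System.out.println(tryLogin("alpha", entry("alpha", REQ)));                     // single module
        System.out.println(tryLogin("beta",  entry("alpha", REQ)));                     // wrong password
        System.out.println(tryLogin("beta",  entry("alpha", SUF), entry("beta", SUF))); // either may pass
        System.out.println(tryLogin("alpha", entry("alpha", REQ), entry("beta", REQ))); // both must pass
    }
}
```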