7 Replies Latest reply: May 11, 2011 2:48 PM by opher535 RSS

    Authenticate user with Java API's?

    852668
      Hi,
      I have a server program written in Java, it accepts requests from client apps and has to authenticate the users credentials.

      Currently we use JNI to access the platform specific libraries (PAM on Linux, SSPI/NTLM on Windows, etc...). I've done quite a bit of searching and haven't found anything but I thought I would ask if anyone knows of any packages available (in Java itself, open source or commercial - can not be GPL or LGPL) that can perform these tasks (preferably 100% java but JNI wrapper code is fine too)?

      Specifically the SSPI/NTLM code is a bit convoluted so I would ideally like to replace that code, in case you know of something specific to Windows.

      Thanks in advance!

      jim
        • 1. Re: Authenticate user with Java API's?
          gimbal2
          Investigate JAAS. If there is nothing in there that you can use, I don't give you much hope.

          http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html
          • 2. Re: Authenticate user with Java API's?
            852668
            I've looked through JAAS and didn't see anything.

            I suspect you are correct, little hope...
            • 3. Re: Authenticate user with Java API's?
              EJP
              I've looked through JAAS and didn't see anything.
              JAAS has an NTLM module. Hard to see how you could have missed that. I'm sure you'll find a PAM module out there somewhere.
              • 4. Re: Authenticate user with Java API's?
                852668
                EJP wrote:
                I've looked through JAAS and didn't see anything.
                JAAS has an NTLM module. Hard to see how you could have missed that. I'm sure you'll find a PAM module out there somewhere.
                I've seen references indicating there is such a thing, but have not figured out the correct search terms to find an actual example or documentation on using it. Would you have a pointer to information on JAAS & NTLM?

                Thanks
                • 5. Re: Authenticate user with Java API's?
                  EJP
                  Err, the Java documentation? There's a big architecture picture on which you click JAAS.
                  • 6. Re: Authenticate user with Java API's?
                    852668
                    EJP wrote:
                    Err, the Java documentation? There's a big architecture picture on which you click JAAS.
                    I've been searching for a couple of days before posting here. I was not able to find anything useful, now it's quite possible it is staring me in the face & I am just not seeing it so I was hoping for something like a direct link.

                    The only thing that I have been able to find is the 'NTLoginModule' but that name is a bit of a misnomer as all it does it give you information on the currently logged in user, it doesn't allow you to pass a username/pwd and authenticate the user.

                    Jim

                    Edited by: JimM on Apr 22, 2011 2:41 PM
                    • 7. Re: Authenticate user with Java API's?
                      opher535
                      You can look [url http://download.oracle.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/package-summary.html]here for specific documentation on LoginModule s.

                      You should spend a few minutes studying these (short) tutorials:
                      [url http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html]JAAS Authentication
                      [url http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html]JAAS Login Configuration File

                      Especially notice the two-liner for doing authentication asking the user for a username and password from the console:
                          LoginContext lc = new LoginContext("JaasSample", new TextCallbackHandler());
                          lc.login();
                      If your users supply username and password by other means, it should be straight forward to wrap those in an implemetation of CallbackHandler.

                      Cheers,
                      Opher.

                      Edited by: 858239 on 22:42 11/05/2011