-
User guide
- Part 1 - Introduction
- Part 2 - Core Restlet
- Part 3 - Restlet Editions
- Part 4 - Restlet Extensions
- Appendices
- Tutorials
- Javadocs
- Change Log
JAAS extension
Introduction
This extension facilitate the integration between the Restlet security API introduced in version 2.0 and the JAAS standard for authentication and authorization.
A typical use case is the creation of a JAAS Subject including principals for the authenticated Restlet user and its granted roles. This is achieved by the JaasUtils#createSubject(ClientInfo) method.
In addition, a JaasVerifier support the verification of user credentials based on a JAAS pluggable authentication mechanism and more precisely based on JAAS login modules.
For additional details, please consult the Javadocs.
Authenticating with LDAP
This extension can be used for LDAP authentication, for example. Considering this JAAS configuration:
BasicJaasAuthenticationApplication {
com.sun.security.auth.module.LdapLoginModule REQUIRED
userProvider="ldap://ldap.example.net/"
authIdentity="uid={USERNAME},ou=people,dc=example,dc=net"
};
Using a verifier configured like this:
JaasVerifier verifier = new JaasVerifier("BasicJaasAuthenticationApplication");
verifier.setConfiguration(jaasConfig);
verifier.setUserPrincipalClassName("com.sun.security.auth.UserPrincipal");
authenticator.setVerifier(verifier);
A successful JAAS login will add principals like these to the subject:
[LdapLoginModule] added LdapPrincipal "uid=bruno,ou=people,dc=example,dc=net"
to Subject
[LdapLoginModule] added UserPrincipal "bruno" to Subject
Thus, the resulting principals in ClientInfo are:
LdapPrincipal with name: "uid=bruno,ou=people,dc=example,dc=net"
UserPrincipal with name: "bruno"
A new user is created based on the first UserPrincipal name: ‘bruno’ in this example.