11.3. JAAS - Java Authentication and Authorization Service

JAAS is the Java Authentication and Authorization Service. It is part of the Java EE Spec, and allows for pluggable authentication and authorization to abstract applications from security providers.

The JAAS 1.0 API consists of a set of Java packages designed for user authentication and authorization. The API implements a Java version of the standard Pluggable Authentication Modules (PAM) framework and extends the Java 2 Platform access control architecture to support user-based authorization.

JAAS authentication is performed in a pluggable fashion. This permits Java applications to remain independent from underlying authentication technologies, and allows the security manager to work in different security infrastructures. Integration with a security infrastructure is achievable without changing the security manager implementation. You need only change the configuration of the authentication stack JAAS uses.

Refer to the Java EE JAAS Documentation for further information on JAAS.

The JBoss Enterprise Application Platform 6 security subsystem is based on the JAAS API.