JAAS Active Login for Windows

The IBM® version of JAAS for Windows contains an additional function called Active Login. Because Windows has an extensive security infrastructure, it is important on servers to allow a Java™ program to log on as a particular Windows user and run with the underlying operating system knowing the security identity on a particular thread.

Without this extended support, JAAS allows Java programs to know who the user is, strictly on a Java level. With this extended support, Java programs can log in as different users and have even non-Java programs (such as the Windows kernel) enforce security appropriately.

The following classes contain the additional support for Active Login:

com.ibm.security.auth.NTThreadSubject

This is the gateway to changing identities on an operating system thread level.

com.ibm.security.auth.module.NTActiveLoginModule

com.ibm.security.auth.module.Win64ActiveLoginModule

This is specified in the login configuration file. If you construct a LoginContext using a string name that calls this LoginModule, and you supply a CallbackHandler that can supply a valid userid and password, you can log on.

com.ibm.security.auth.module.NTActiveSystem

com.ibm.security.auth.module.Win64ActiveSystem

This is an implementation class, largely hidden from users.

These classes are described in the JAAS APIs that are included with the Java SDK.