Java Authentication and Authorization Service

What Does Java Authentication and Authorization Service Mean?

Java Authentication and Authorization Service (JAAS, pronounced “jazz”) is a set of APIs that is used for authenticating the identity of a user or client/computer and ensures that this entity, which is attempting to run Java code, has the proper privileges for the request. JAAS is an extension to the Java platform and was integrated in Java Standard Edition 1.4.


Techopedia Explains Java Authentication and Authorization Service

The Java Authentication and Authorization Service is Java’s implementation of the Pluggable Authentication Module (PAM) information security framework standard, which was first proposed by Sun Microsystems in October 1995 in the Open Software Foundation Request for Comments (RFC) 86.0. There was no real ratification of any PAM standard but an attempt was made to standardize it as part of the X/Open UNIX standardization process that later became the X/Open Single Sign-on (XSSO) standard, which was still not ratified. However, this was used as the basis for the JAAS implementation of PAM.

The JAAS process extends the usual security policy into adding privilege specification granted to the user requesting to execute Java code. Like most security processes, JAAS uses authentication and authorization. First it authenticates the requesting entity and determines if it really is who it says it is and finds out what privileges it has been given. Then it checks the type of request against the specification of privileges to determine if it has the authority for such a request. And then it finally gives or denies authorization based on the authentication process.

As an API, JAAS is independent of other Java APIs and can run concurrently with them, even with other security APIs. Because of this, new Java code, technologies and applications may be plugged in with little to no modification required.


Related Terms

Margaret Rouse

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.