Java Authentication and Authorization Service

Why Trust Techopedia

What Does Java Authentication and Authorization Service Mean?

Java Authentication and Authorization Service (JAAS, pronounced “jazz”) is a set of APIs that is used for authenticating the identity of a user or client/computer and ensures that this entity, which is attempting to run Java code, has the proper privileges for the request. JAAS is an extension to the Java platform and was integrated in Java Standard Edition 1.4.


Techopedia Explains Java Authentication and Authorization Service

The Java Authentication and Authorization Service is Java’s implementation of the Pluggable Authentication Module (PAM) information security framework standard, which was first proposed by Sun Microsystems in October 1995 in the Open Software Foundation Request for Comments (RFC) 86.0. There was no real ratification of any PAM standard but an attempt was made to standardize it as part of the X/Open UNIX standardization process that later became the X/Open Single Sign-on (XSSO) standard, which was still not ratified. However, this was used as the basis for the JAAS implementation of PAM.

The JAAS process extends the usual security policy into adding privilege specification granted to the user requesting to execute Java code. Like most security processes, JAAS uses authentication and authorization. First it authenticates the requesting entity and determines if it really is who it says it is and finds out what privileges it has been given. Then it checks the type of request against the specification of privileges to determine if it has the authority for such a request. And then it finally gives or denies authorization based on the authentication process.

As an API, JAAS is independent of other Java APIs and can run concurrently with them, even with other security APIs. Because of this, new Java code, technologies and applications may be plugged in with little to no modification required.


Related Terms

Margaret Rouse

Margaret jest nagradzaną technical writerką, nauczycielką i wykładowczynią. Jest znana z tego, że potrafi w prostych słowach pzybliżyć złożone pojęcia techniczne słuchaczom ze świata biznesu. Od dwudziestu lat jej definicje pojęć z dziedziny IT są publikowane przez Que w encyklopedii terminów technologicznych, a także cytowane w artykułach ukazujących się w New York Times, w magazynie Time, USA Today, ZDNet, a także w magazynach PC i Discovery. Margaret dołączyła do zespołu Techopedii w roku 2011. Margaret lubi pomagać znaleźć wspólny język specjalistom ze świata biznesu i IT. W swojej pracy, jak sama mówi, buduje mosty między tymi dwiema domenami, w ten…