Java^TM Authentication and Authorization Service (JAAS) 1.0_01

README

Introduction
Installation
Updates
Where to Find Documentation
Send Us Feedback!

Introduction

Thank you for downloading the Java^TM Authentication and Authorization Service (JAAS) 1.0_01.

JAAS 1.0_01 supplements the Java^TM 2 Platform, Standard Edition, v 1.3, and requires that you have it installed.

JAAS 1.0_01 is written entirely in the Java^TM programming language.

Installation

Please refer to the install notes page for installation directions.

Updates

The major updates made since the Beta release were:

API Updates:
- javax.security.auth:
  1. SubjectDomainCombiner.getSubject has a new security check.
  2. Policy.getPermissions no longer throws java.io.IOException.
  3. Policy.getPermissions no longer has a security check.
  4. Policy.refresh no longer throws java.io.IOException.
  5. AuthPermission(getPrivateCredentials) removed.
  6. PrivateCredentialPermission has two new methods:
    - getCredentialClass
    - getPrincipals
javax.security.auth.login:
1. LoginContext constructors have new security checks.
2. LoginContext binds the provided application CallbackHandler with the caller's AccessControlContext.
3. LoginContext invokes LoginModules inside a AccessController.doPrivileged block (LoginModules should not call doPrivileged themselves).
4. LoginContext class no longer final.
5. Configuration.getAppConfigurationEntry no longer throws java.io.IOException.
6. Configuration.refresh no longer throws java.io.IOException.
com.sun.security.auth:
1. created new public Resources class.
2. created new public X500Principal class.
3. PolicyFile supports grant statments with wildcard (*) Principal entries.
4. PolicyFile supports additional SELF behavior for PrivateCredentialPermissions.

Minor bug fixes.

Where to Find Documentation

Note that the JAAS API Developer's Guide also contains directions for running a sample JAAS program, located in the jaas1.0_01/doc/samples directory of the JAAS Class Libraries download.

Send Us Feedback!

Submit comments or suggestions via the java security feedback page.

Bug reports with sample code are highly appreciated! Please submit bugs with sample code using the normal Java Developer Connection (JDC) process.

Last update: 1/10/00