JAAS is the preferred method for authenticating a remote client to JBoss. However, for simplicity and to ease the migration from other application server environment that do not use JAAS, JBoss allows you the security credentials to be passed through the
InitialContext. JAAS is still used under the covers, but there is no manifest use of the JAAS interfaces in the client application.
The factory class that provides this capability is the
org.jboss.security.jndi.LoginInitialContextFactory. The complete set of support
InitialContext environment properties for this factory are:
java.naming.factory.initial: The name of the environment property for specifying the initial context factory, which must be
java.naming.provider.url: This must be set to a
NamingContextFactory provider URL. The
LoginIntialContext is really just a wrapper around the
NamingContextFactory that adds a JAAS login to the existing
java.naming.factory.url.pkgs: For all JBoss JNDI provider this must be
org.jboss.naming:org.jnp.interfaces. This property is essential for locating the
java: URL context factories of the JBoss JNDI provider.
Context.SECURITY_PRINCIPAL): The principal to authenticate. This may be either a
java.security.Principal implementation or a string representing the name of a principal.
Context.SECURITY_CREDENTIALS), The credentials that should be used to authenticate the principal, e.g., password, session key, etc.
Context.SECURITY_PROTOCOL) This gives the name of the JAAS login module to use for the authentication of the principal and credentials.