Java Authentication Service Provider Interface for Containers (JASPIC) is a Java specification that provides a standardized way to authenticate and authorize users within a Java EE container. It allows container-based deployments to plug in and configure different authentication mechanisms without modifying the application code.
JASPIC has a layered architecture that consists of the following components:
-
Application: The application is the top layer of the JASPIC architecture. It represents the Java EE application that requires authentication and authorization. The application code is responsible for initiating the authentication process and handling the authenticated user.
-
JASPIC Bridge: The JASPIC bridge is a component provided by the container to connect the application with the underlying authentication mechanisms. It acts as an intermediary between the application and the authentication service providers. The bridge executes the JASPIC SPI (Service Provider Interface) during the authentication and authorization process.
-
Authentication Service Provider (ASP): An ASP is responsible for validating the user’s credentials and establishing the user’s identity. It receives the authentication request from the JASPIC bridge, performs authentication, and returns a CallbackHandler and a Subject to the bridge. The CallbackHandler is used to collect additional information from the user during the authentication process, while the Subject represents the authenticated user.
-
Server Authentication Module (SAM): A SAM is an implementation of the JASPIC SPI that integrates with a specific authentication mechanism. It talks to the authentication service provider to authenticate the user and build the required Java EE security artifacts, such as Principal and Credential objects, which are then stored in the Subject. Each authentication mechanism can have its own SAM implementation.
-
Configured Authentication Context (CAC): The CAC is responsible for configuring an authentication mechanism and binding it to a SAM. It provides a way to specify the parameters and settings required for a specific authentication mechanism. The CAC is registered in the JASPIC configuration file, which allows the container to know which authentication mechanisms are available for a specific deployment.
Understanding the architecture of Java JASPIC is essential for Java EE developers who need to implement custom authentication mechanisms in their applications. By leveraging the standardized JASPIC API, developers can integrate with existing authentication systems and have more control over the authentication and authorization process.
#technology #Java