Update topics/oidc/java/jaas.adoc

This commit is contained in:
Stian Thorgersen 2016-06-09 14:31:57 +02:00
parent ee62068dcf
commit 4f2490cb93

View file

@ -3,19 +3,19 @@
It's generally not needed to use JAAS for most of the applications, especially if they are HTTP based, and you should most likely choose one of our other adapters. It's generally not needed to use JAAS for most of the applications, especially if they are HTTP based, and you should most likely choose one of our other adapters.
However, some applications and systems may still rely on pure legacy JAAS solution. However, some applications and systems may still rely on pure legacy JAAS solution.
{{book.project.title}} provides two login modules to help in these situations. {{book.project.name}} provides two login modules to help in these situations.
The provided login modules are: The provided login modules are:
org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule:: org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule::
This login module allows to authenticate with username/password from {{book.project.title}}. This login module allows to authenticate with username/password from {{book.project.name}}.
It's using <<fake/../../oidc-generic.adoc#_resource_owner_password_credentials_flow,Resource Owner Password Credentials>> flow to validate if the provided It's using <<fake/../../oidc-generic.adoc#_resource_owner_password_credentials_flow,Resource Owner Password Credentials>> flow to validate if the provided
username/password is valid. It's useful for non-web based systems, which need to rely on JAAS and want to use {{book.project.title}}, but can't use the standard browser username/password is valid. It's useful for non-web based systems, which need to rely on JAAS and want to use {{book.project.name}}, but can't use the standard browser
based flows due to their non-web nature. Example of such application could be messaging or SSH. based flows due to their non-web nature. Example of such application could be messaging or SSH.
org.keycloak.adapters.jaas.BearerTokenLoginModule:: org.keycloak.adapters.jaas.BearerTokenLoginModule::
This login module allows to authenticate with {{book.project.title}} access token passed to it through CallbackHandler as password. This login module allows to authenticate with {{book.project.name}} access token passed to it through CallbackHandler as password.
It may be useful for example in case, when you have {{book.project.title}} access token from standard based authentication flow and your web application then It may be useful for example in case, when you have {{book.project.name}} access token from standard based authentication flow and your web application then
needs to talk to external non-web based system, which rely on JAAS. For example a messaging system. needs to talk to external non-web based system, which rely on JAAS. For example a messaging system.
Both modules use the following configuration properties: Both modules use the following configuration properties: