Shaj 0.5: Simple Host Authentication for Java (Initial Release)

Discussions

News: Shaj 0.5: Simple Host Authentication for Java (Initial Release)

  1. For all of Java's authentication/security API's, there is actually no way of verifying a user's password with the underlying operating system. Shaj is a simple Java library that allows your Java app to verify users with the underlying operating system. Shaj also allows you to check group membership.

    Shaj is not an authenication library; it's not a replacement for JAAS, which can use an underlying operating system to authenticate and authorize users as well via the various operating system-specific modules. It's meant for simple validation purposes.

    Shaj currently supports Windows and Unix (PAM), and comes with pre-compiled JNI libraries for win32, Linux, Mac OS-X and Solaris. Shaj should work on Java 1.2+ JVM's. Shaj is written in C and Java.

    Shaj is licensed under the Apache 2.0 License.

    Threaded Messages (13)

  2. Apache 2.0 License[ Go to top ]

    This sounds like a fantastic feature, my question is: Under Apache 2.0 License, if I incorporate this library into my code, does my application now become subject to Apache 2.0 License or do I just need to include the materials to uphold the Apache license for Shaj?

    If using Shaj doesn't interfere with how I license my own product, that sounds great.

    -Chris
  3. Apache 2.0 License[ Go to top ]

    The Apache 2.0 License is not "viral" in this way. The last paragraph in section 4 should address you question: http://www.apache.org/licenses/LICENSE-2.0.html

    Or to put it another way: as the author of Shaj, I'm more than happy for you to use Shaj in your application :D
  4. re: Apache 2.0 License[ Go to top ]

    Actually, this sums it up best: http://www.apache.org/foundation/licence-FAQ.html#WhatDoesItMEAN
  5. Some basic documentation as to how to set up and what all classes to use would have been great.
    Do you think you will become popolar just like that - by making every user to go thru the source code. ?
  6. JAAS[ Go to top ]

    There are already today JAAS Modules to perform this

    Java Authentication and Authorization Service (JAAS)
    http://java.sun.com/products/jaas/index.jsp
  7. re: JAAS[ Go to top ]

    There are already today JAAS Modules to perform this
    Bruno,

    If you have working JAAS code that allows you to verify usernames and passwords of arbitrary users (on win32/linux/solaris/osx), I'd love to see it.
  8. re: JAAS[ Go to top ]

    Matt Quail,
    Why can't?
    see com.sun.security.auth package.
  9. re: JAAS[ Go to top ]

    Why can't? see com.sun.security.auth package.
    Kewan,
    I'd love to be proven wrong, but those com.sun.security.auth classes (NTLoginModule and UnixModule) only retrieve the current user, not any arbitrary user.
  10. re: JAAS[ Go to top ]

    Here you go, for Win32 at least.
    http://free.tagish.net/jaas/index.jsp
  11. documentation[ Go to top ]

    Some basic documentation as to how to set up and what all classes to use would have been great.

    Sean, Shaj is easy to setup and use, the documenation is here (it links through to the javadoc):
     http://opensource.cenqua.com/shaj/doc.html
  12. Hurrah!

    A great idea.
    Perfect for app side or web side user authentication I presume?

    i.e. an intranet web site where they still enter their passwd, but the server can then use Shaj to check it via the 'NTLM stuff' (been a while since I was involved with this).

    Jonathan
  13. Look's nice but is there any possibility how to check password in hash form, which you get from IE when using NTLM auth?

    Thanks
  14. hi, i tried to use Shaj for a practice but it seems that it is not working right to check my local linux computer for proper username and password.<br>
    Here is my code from test.java:<br>

    import com.cenqua.shaj.Shaj;

    public class test{
    public static void main(String[] args){
    boolean correctPassword = Shaj.checkPassword(null, "john", "test");
    if (correctPassword)
    System.out.println("Authorized User.");
    else
    System.out.println("Incorrect UserName/Password.");
    }
    }//end of test



    any ideas why it is not working?<br>
    thanks!