JDK-4850423 : login facilities for hardware tokens
  • Type: Enhancement
  • Status: Resolved
  • Resolution: Fixed
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Affected Version: 5.0
  • OS: solaris_7
  • CPU: generic
  • Submit Date: 2003-04-17
  • Updated Date: 2017-05-16
  • Resolved Date: 2003-08-17
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availabitlity Release.

To download the current JDK release, click here.
Other
5.0 tigerResolved
Related Reports
Relates :  
Description
This is one of the parts for 4635083
(Enhanced security token integration),
which is a Target of Opportunity for Tiger.

Some hardware token providers (for example, a smartcard provider)
may require a login operation into the token using a password
or other means of authentication before certain operations
can be performed.

Currently there is no standard API to directly log into a token.
A new abstract subclass of java.security.Provider
should be added. It should define methods for retrieving
a javax.security.auth.login.LoginContext that may
be used to directly log into and out from a token.

Although applications should be able to directly log into a token,
providers should also be able to detect whether a login
has not yet occurred, and if necessary,
attempt to log users in themselves
(internally using their own LoginContext).

Since there is no well defined, standard, auto logout mechanism,
applications will still have to directly
invoke the API to perform a logout.

A new class javax.security.auth.PasswordCredential should
also be introduced. Login modules may place this as a
private credential in a subject once authentication
to a token has successfully completed.   This will
facilitate single signon solutions.  The PasswordCredential
should be generic so it can be used with any password
based authentication mechanism.

Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: tiger FIXED IN: tiger INTEGRATED IN: tiger tiger-b16
2004-06-14

EVALUATION will fix
2004-06-11

SUGGESTED FIX Add a new abstract subclass to java.security.Provider, named java.security.LoginProvider. This new provider class defines methods for retrieving a LoginContext that may be used to log into or out from a token.
2004-06-11