diff --git a/core-java-modules/core-java-security-2/pom.xml b/core-java-modules/core-java-security-2/pom.xml
new file mode 100644
index 0000000000..43a55e3e0d
--- /dev/null
+++ b/core-java-modules/core-java-security-2/pom.xml
@@ -0,0 +1,17 @@
+
+
+ 4.0.0
+ core-java-security-2
+ 0.1.0-SNAPSHOT
+ core-java-security-2
+ jar
+
+
+ com.baeldung
+ parent-java
+ 0.0.1-SNAPSHOT
+ ../../parent-java
+
+
+
diff --git a/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ConsoleCallbackHandler.java b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ConsoleCallbackHandler.java
new file mode 100644
index 0000000000..714879e862
--- /dev/null
+++ b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ConsoleCallbackHandler.java
@@ -0,0 +1,24 @@
+package com.baeldung.jaas;
+
+import javax.security.auth.callback.*;
+import java.io.Console;
+import java.io.IOException;
+
+public class ConsoleCallbackHandler implements CallbackHandler {
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ Console console = System.console();
+ for (Callback callback : callbacks) {
+ if (callback instanceof NameCallback) {
+ NameCallback nameCallback = (NameCallback) callback;
+ nameCallback.setName(console.readLine(nameCallback.getPrompt()));
+ } else if (callback instanceof PasswordCallback) {
+ PasswordCallback passwordCallback = (PasswordCallback) callback;
+ passwordCallback.setPassword(console.readPassword(passwordCallback.getPrompt()));
+ } else {
+ throw new UnsupportedCallbackException(callback);
+ }
+ }
+ }
+}
diff --git a/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/JaasAuthentication.java b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/JaasAuthentication.java
new file mode 100644
index 0000000000..263daa4008
--- /dev/null
+++ b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/JaasAuthentication.java
@@ -0,0 +1,13 @@
+package com.baeldung.jaas;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+public class JaasAuthentication {
+
+ public static void main(String[] args) throws LoginException {
+ LoginService loginService = new LoginService();
+ Subject subject = loginService.login();
+ System.out.println(subject.getPrincipals().iterator().next() + " sucessfully logeed in");
+ }
+}
diff --git a/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/JaasAuthorization.java b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/JaasAuthorization.java
new file mode 100644
index 0000000000..b01179c4d6
--- /dev/null
+++ b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/JaasAuthorization.java
@@ -0,0 +1,17 @@
+package com.baeldung.jaas;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import java.security.PrivilegedAction;
+
+public class JaasAuthorization {
+
+ public static void main(String[] args) throws LoginException {
+
+ LoginService loginService = new LoginService();
+ Subject subject = loginService.login();
+
+ PrivilegedAction privilegedAction = new ResourceAction();
+ Subject.doAsPrivileged(subject, privilegedAction, null);
+ }
+}
diff --git a/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/LoginService.java b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/LoginService.java
new file mode 100644
index 0000000000..72c18d211c
--- /dev/null
+++ b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/LoginService.java
@@ -0,0 +1,14 @@
+package com.baeldung.jaas;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+public class LoginService {
+
+ public Subject login() throws LoginException {
+ LoginContext loginContext = new LoginContext("jaasApplication", new ConsoleCallbackHandler());
+ loginContext.login();
+ return loginContext.getSubject();
+ }
+}
diff --git a/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ResourceAction.java b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ResourceAction.java
new file mode 100644
index 0000000000..274f280c2b
--- /dev/null
+++ b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ResourceAction.java
@@ -0,0 +1,15 @@
+package com.baeldung.jaas;
+
+import java.security.PrivilegedAction;
+
+public class ResourceAction implements PrivilegedAction {
+ @Override
+ public Object run() {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(new ResourcePermission("test_resource"));
+ }
+ System.out.println("I have access to test_resource !");
+ return null;
+ }
+}
diff --git a/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ResourcePermission.java b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ResourcePermission.java
new file mode 100644
index 0000000000..1ea162f002
--- /dev/null
+++ b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ResourcePermission.java
@@ -0,0 +1,9 @@
+package com.baeldung.jaas;
+
+import java.security.BasicPermission;
+
+public class ResourcePermission extends BasicPermission {
+ public ResourcePermission(String name) {
+ super(name);
+ }
+}
\ No newline at end of file
diff --git a/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/loginmodule/InMemoryLoginModule.java b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/loginmodule/InMemoryLoginModule.java
new file mode 100644
index 0000000000..6ab606530b
--- /dev/null
+++ b/core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/loginmodule/InMemoryLoginModule.java
@@ -0,0 +1,74 @@
+package com.baeldung.jaas.loginmodule;
+
+import com.sun.security.auth.UserPrincipal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.*;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Map;
+
+public class InMemoryLoginModule implements LoginModule {
+
+ private static final String USERNAME = "testuser";
+ private static final String PASSWORD = "testpassword";
+
+ private Subject subject;
+ private CallbackHandler callbackHandler;
+ private Map sharedState;
+ private Map options;
+
+ private String username;
+ private boolean loginSucceeded = false;
+ private Principal userPrincipal;
+
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState,
+ Map options) {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ this.sharedState = sharedState;
+ this.options = options;
+ }
+
+ @Override
+ public boolean login() throws LoginException {
+ NameCallback nameCallback = new NameCallback("username: ");
+ PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
+ try {
+ callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
+ username = nameCallback.getName();
+ String password = new String(passwordCallback.getPassword());
+ if (USERNAME.equals(username) && PASSWORD.equals(password)) {
+ loginSucceeded = true;
+ }
+ } catch (IOException | UnsupportedCallbackException e) {
+ throw new LoginException("Can't login");
+ }
+ return loginSucceeded;
+ }
+
+ @Override
+ public boolean commit() throws LoginException {
+ if (!loginSucceeded) {
+ return false;
+ }
+ userPrincipal = new UserPrincipal(username);
+ subject.getPrincipals().add(userPrincipal);
+ return true;
+ }
+
+ @Override
+ public boolean abort() throws LoginException {
+ logout();
+ return true;
+ }
+
+ @Override
+ public boolean logout() throws LoginException {
+ subject.getPrincipals().remove(userPrincipal);
+ return false;
+ }
+}
diff --git a/core-java-modules/core-java-security-2/src/main/resources/jaas/jaas.login.config b/core-java-modules/core-java-security-2/src/main/resources/jaas/jaas.login.config
new file mode 100644
index 0000000000..1163f60c84
--- /dev/null
+++ b/core-java-modules/core-java-security-2/src/main/resources/jaas/jaas.login.config
@@ -0,0 +1,3 @@
+jaasApplication {
+ com.baeldung.jaas.loginmodule.InMemoryLoginModule required debug=true;
+};
diff --git a/core-java-modules/core-java-security-2/src/main/resources/jaas/jaas.policy b/core-java-modules/core-java-security-2/src/main/resources/jaas/jaas.policy
new file mode 100644
index 0000000000..77f44dbd87
--- /dev/null
+++ b/core-java-modules/core-java-security-2/src/main/resources/jaas/jaas.policy
@@ -0,0 +1,14 @@
+grant codebase "file:./target/core-java-security-2-0.1.0-SNAPSHOT.jar" {
+ permission javax.security.auth.AuthPermission "createLoginContext.jaasApplication";
+ permission javax.security.auth.AuthPermission "doAsPrivileged";
+ permission java.lang.RuntimePermission "readFileDescriptor";
+ permission java.lang.RuntimePermission "writeFileDescriptor";
+};
+
+grant codebase "file:./target/core-java-security-2-0.1.0-SNAPSHOT.jar" {
+ permission javax.security.auth.AuthPermission "modifyPrincipals";
+};
+
+grant principal com.sun.security.auth.UserPrincipal "testuser" {
+ permission com.baeldung.jaas.ResourcePermission "test_resource";
+};