The system administrator also determines the parameters of the authentication. For example, the user may be required to enter a valid Solaris password. Alternately, she may be required to enter a valid LDAP password, a valid NT password, or a valid password held in a custom database and either a valid Solaris or NT password. One or more of these passwords may be deemed optional. The administrator can set up as few or as many login modules as desired, and any or all of them may be optional or required. The program executes a method call the doAs or doAsPrivileged method, passing in the user login object and the code that should be executed on behalf of that user. Programatically, this method is very similar to the doPrivileged method of the access controller. As well see, it accomplishes a similar purpose. 2. Within the context just created, the program executes code that requires a specific permission e.g., it attempts to count the files in a directory. Like all such requests, this code results in a call to the security manager and hence the access controller to see if the appropriate permission is granted. As usual, if all the classes on the stack are granted that permission via the standard policy files or whatever Policy class is in effect, the permission will be granted and the call will succeed. However, because the call was executed within the context of the doAs method, the JAAS framework comes into play. JAAS provides a second set of policy files that allow permissions to be granted to code loaded from particular locations andor signed by particular entities, but only if that code is being executed by a specific authenticated user. Figure 15−1 shows how the stack might look when a call is made to the access controller from within the JAAS framework. The application code was initially loaded from file:filesjaas. That code authenticated the user and passed the authenticated user and an object loaded from file:filesjaasactionsto the doAs method. To call the File.listFiles method, the protection domain file:filesjaas must have the relevant permissions in the standard Java policy file. The protection domain file:filesjaasactions must have those same permissions, but they may be loaded from the standard Java policy file in which case they apply to all users. Alternately, the permissions may be loaded from a JAAS policy file, in which case they apply only to the user named in that file. Figure 15−1. The stack and protection domains of a JAAS−enabled application 3. 292