35 files changed, 5143 insertions, 0 deletions

diff --git a/libjava/classpath/javax/security/auth/AuthPermission.java b/libjava/classpath/javax/security/auth/AuthPermission.java
new file mode 100644
index 00000000000..176ed9fb43d
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/AuthPermission.java
@@ -0,0 +1,146 @@
+/* AuthPermission.java -- permissions related to authentication.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.BasicPermission;
+
+/**
+ * <p>A permission controlling access to authentication service. The
+ * <i>actions</i> field of auth permission objects is ignored; the whole
+ * of the permission is defined by the <i>target</i>.</p>
+ *
+ * <p>The authentication permission targets recognized are:</p>
+ *
+ * <dl>
+ * <dt><code>doAs</code></dt>
+ *
+ * <dd><p>Allows access to the {@link
+ * Subject#doAs(javax.security.auth.Subject  java.security.PrivilegedAction)}
+ * methods.</p></dd>
+ *
+ * <dt><code>doAsPrivileged</code></dt>
+ *
+ * <dd><p>Allows access to the {@link
+ * Subject#doAsPrivileged(javax.security.auth.Subject,
+ * java.security.PrivilegedAction, java.security.AccessControlContext)}
+ * methods.</p></dd>
+ *
+ * <dt><code>getSubject</code></dt>
+ *
+ * <dd><p>Allows access to the {@link Subject} associated with a
+ * thread.</p></dd>
+ *
+ * <dt><code>getSubjectFromDomainCombiner</code></dt>
+ *
+ * <dd><p>Allows access to the {@link Subject} associated with a
+ * {@link SubjectDomainCombiner}.</p></dd>
+ *
+ * <dt><code>setReadOnly</code></dt>
+ *
+ * <dd><p>Allows a {@link Subject} to be marked as read-only.</p></dd>
+ *
+ * <dt><code>modifyPrincipals</code></dt>
+ *
+ * <dd><p>Allows the set of principals of a subject to be modified.</p></dd>
+ *
+ * <dt><code>modifyPublicCredentials</code></dt>
+ *
+ * <dd><p>Allows the set of public credentials of a subject to be
+ * modified.</p></dd>
+ *
+ * <dt><code>modifyPrivateCredentials</code></dt>
+ *
+ * <dd><p>Allows the set of private credentials of a subject to be
+ * modified.</p></dd>
+ *
+ * <dt><code>refreshCredential</code></dt>
+ *
+ * <dd><p>Allows a {@link Refreshable} credential to be refreshed.</p></dd>
+ *
+ * <dt><code>destroyCredential</code></dt>
+ *
+ * <dd><p>Allows a {@link Destroyable} credential to be destroyed.</p></dd>
+ *
+ * <dt><code>createLoginContext.<i>name</i></code></dt>
+ *
+ * <dd><p>Allows a {@link javax.security.auth.login.LoginContext} for the
+ * given <i>name</i>. <i>name</i> can also be a wildcard (<code>'*'</code>),
+ * which allows the creation of a context with any name.</p></dd>
+ *
+ * <dt><code>getLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be retrieved.</p></dd>
+ *
+ * <dt><code>setLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be set.</p></dd>
+ *
+ * <dt><code>refreshLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be refreshed.</p></dd>
+ * </dl>
+ */
+public final class AuthPermission extends BasicPermission
+{
+
+  /**
+   * Creates a new authentication permission for the given target name.
+   *
+   * @param name The target name.
+   */
+  public AuthPermission (String name)
+  {
+    super (name);
+  }
+
+  /**
+   * Creates a new authentication permission for the given target name.
+   * The actions list is not used by this class.
+   *
+   * @param name The target name.
+   * @param actions The action list.
+   */
+  public AuthPermission (String name, String actions)
+  {
+    super (name, actions);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/DestroyFailedException.java b/libjava/classpath/javax/security/auth/DestroyFailedException.java
new file mode 100644
index 00000000000..98de82bd491
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/DestroyFailedException.java
@@ -0,0 +1,67 @@
+/* DestroyFailedException.java -- signals an object could not be destroyed.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An exception thrown when the {@link Destroyable#destroy()} method
+ * fails for a credential.
+ *
+ * @see Destroyable
+ */
+public class DestroyFailedException extends Exception
+{
+
+  /**
+   * Creates a new DestroyFailedException with no detail message.
+   */
+  public DestroyFailedException()
+  {
+    super();
+  }
+
+  /**
+   * Creates a new DestroyFailedException with a detail message.
+   *
+   * @param message The detail message.
+   */
+  public DestroyFailedException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/Destroyable.java b/libjava/classpath/javax/security/auth/Destroyable.java
new file mode 100644
index 00000000000..1ebd85c07d4
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/Destroyable.java
@@ -0,0 +1,64 @@
+/* Destroyable.java -- an immutable object that may be destroyed.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An interface for objects that are immutable but whose sensitive
+ * data may be wiped out.
+ */
+public interface Destroyable
+{
+
+  /**
+   * Destroy this object, clearing all sensitive fields appropriately.
+   *
+   * @throws DestroyFailedException If this object could not be
+   *   destroyed.
+   * @throws SecurityException If the caller does not have permission
+   *   to destroy this object.
+   */
+  void destroy() throws DestroyFailedException;
+
+  /**
+   * Tells whether or not this object has been destroyed.
+   *
+   * @return True if this object has been destroyed.
+   */
+  boolean isDestroyed();
+}
diff --git a/libjava/classpath/javax/security/auth/Policy.java b/libjava/classpath/javax/security/auth/Policy.java
new file mode 100644
index 00000000000..4da9a84dffe
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/Policy.java
@@ -0,0 +1,79 @@
+/* Policy.java -- deprecated precursor to java.security.Policy.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.CodeSource;
+import java.security.PermissionCollection;
+
+/**
+ * @deprecated The classes java.security.Policy and
+ * java.security.ProtectionDomain provide the functionality of this class.
+ */
+public abstract class Policy
+{
+
+  private static Policy policy;
+
+  protected Policy()
+  {
+  }
+
+  public static synchronized Policy getPolicy()
+  {
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("getPolicy"));
+      }
+    return policy;
+  }
+
+  public static synchronized void setPolicy (Policy p)
+  {
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("setPolicy"));
+      }
+    policy = p;
+  }
+
+  public abstract PermissionCollection getPermissions (Subject subject, CodeSource source);
+  public abstract void refresh();
+}
diff --git a/libjava/classpath/javax/security/auth/PrivateCredentialPermission.java b/libjava/classpath/javax/security/auth/PrivateCredentialPermission.java
new file mode 100644
index 00000000000..1982eef3d6a
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/PrivateCredentialPermission.java
@@ -0,0 +1,326 @@
+/* PrivateCredentialPermission.java -- permissions governing private credentials.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.io.Serializable;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.StringTokenizer;
+
+/**
+ * A permission governing access to a private credential. The action of this
+ * permission is always "read" -- meaning that the private credential
+ * information can be read from an object.
+ *
+ * <p>The target of this permission is formatted as follows:</p>
+ *
+ * <p><code>CredentialClassName ( PrinicpalClassName PrincipalName )*</code></p>
+ *
+ * <p><i>CredentialClassName</i> is either the name of a private credential
+ * class name, or a wildcard character (<code>'*'</code>).
+ * <i>PrinicpalClassName</i> is the class name of a principal object, and
+ * <i>PrincipalName</i> is a string representing the principal, or the
+ * wildcard character.</p>
+ */
+public final class PrivateCredentialPermission extends Permission
+  implements Serializable
+{
+  /**
+   * For compatability with Sun's JDK 1.4.2 rev. 5
+   */
+  private static final long serialVersionUID = 5284372143517237068L;
+
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial The credential class name.
+   */
+  private final String credentialClass;
+
+  /**
+   * @serial The principals, a set of CredOwner objects (an undocumented
+   *  inner class of this class).
+   */
+  private final Set principals;
+
+  /**
+   * @serial Who knows?
+   */
+  private final boolean testing;
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Create a new private credential permission.
+   *
+   * @param name The permission target name.
+   * @param actions The list of actions, which, for this class, must be
+   *  <code>"read"</code>.
+   */
+  public PrivateCredentialPermission (final String name, String actions)
+  {
+    super(name);
+    actions = actions.trim().toLowerCase();
+    if (!"read".equals (actions))
+      {
+        throw new IllegalArgumentException("actions must be \"read\"");
+      }
+    StringTokenizer st = new StringTokenizer (name, " \"'");
+    principals = new HashSet();
+    if (st.countTokens() < 3 || (st.countTokens() & 1) == 0)
+      {
+        throw new IllegalArgumentException ("badly formed credential name");
+      }
+    credentialClass = st.nextToken();
+    while (st.hasMoreTokens())
+      {
+        principals.add (new CredOwner (st.nextToken(), st.nextToken()));
+      }
+    testing = false; // WTF ever.
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  public boolean equals (Object o)
+  {
+    if (! (o instanceof PrivateCredentialPermission))
+      {
+        return false;
+      }
+    PrivateCredentialPermission that = (PrivateCredentialPermission) o;
+    if (!that.getActions().equals (getActions()))
+      {
+        return false;
+      }
+    if (!that.getCredentialClass().equals (getCredentialClass()))
+      {
+        return false;
+      }
+
+    final String[][] principals = getPrincipals();
+    final String[][] that_principals = that.getPrincipals();
+    if (that_principals == null)
+      {
+        return false;
+      }
+    if (that_principals.length != principals.length)
+      {
+        return false;
+      }
+    for (int i = 0; i < principals.length; i++)
+      {
+        if (!principals[i][0].equals (that_principals[i][0]) ||
+            !principals[i][1].equals (that_principals[i][1]))
+          {
+            return false;
+          }
+      }
+    return true;
+  }
+
+  /**
+   * Returns the actions this permission encompasses. For private credential
+   * permissions, this is always the string <code>"read"</code>.
+   *
+   * @return The list of actions.
+   */
+  public String getActions()
+  {
+    return "read";
+  }
+
+  /**
+   * Returns the credential class name that was embedded in this permission's
+   * target name.
+   *
+   * @return The credential class name.
+   */
+  public String getCredentialClass()
+  {
+    return credentialClass;
+  }
+
+  /**
+   * Returns the principal list that was embedded in this permission's target
+   * name.
+   *
+   * <p>Each element of the returned array is a pair; the first element is the
+   * principal class name, and the second is the principal name.
+   *
+   * @return The principal list.
+   */
+  public String[][] getPrincipals()
+  {
+    String[][] ret = new String[principals.size()][];
+    Iterator it = principals.iterator();
+    for (int i = 0; i < principals.size() && it.hasNext(); i++)
+      {
+        CredOwner co = (CredOwner) it.next();
+        ret[i] = new String[] { co.getPrincipalClass(), co.getPrincipalName() };
+      }
+    return ret;
+  }
+
+  public int hashCode()
+  {
+    return credentialClass.hashCode() + principals.hashCode();
+  }
+
+  /**
+   * Test if this permission implies another. This method returns true if:
+   *
+   * <ol>
+   * <li><i>p</i> is an instance of PrivateCredentialPermission</li>.
+   * <li>The credential class name of this instance matches that of <i>p</i>,
+   * and one of the principals of <i>p</i> is contained in the principals of
+   * this class. Thus,
+   *   <ul>
+   *   <li><code>[ * P "foo" ]  implies [ C P "foo" ]</code></li>
+   *   <li><code>[ C P1 "foo" ] implies [ C P1 "foo" P2 "bar" ]</code></li>
+   *   <li><code>[ C P1 "*" ]   implies [ C P1 "foo" ]</code></li>
+   *   </ul>
+   * </ol>
+   *
+   * @param p The permission to check.
+   * @return True if this permission implies <i>p</i>.
+   */
+  public boolean implies (Permission p)
+  {
+    if (! (p instanceof PrivateCredentialPermission))
+      {
+        return false;
+      }
+    PrivateCredentialPermission that = (PrivateCredentialPermission) p;
+    if (!credentialClass.equals ("*")
+        && !credentialClass.equals (that.getCredentialClass()))
+      {
+        return false;
+      }
+    String[][] principals = getPrincipals();
+    String[][] that_principals = that.getPrincipals();
+    if (that_principals == null)
+      {
+        return false;
+      }
+    for (int i = 0; i < principals.length; i++)
+      {
+        for (int j = 0; j < that_principals.length; j++)
+          {
+            if (principals[i][0].equals (that_principals[j][0]) &&
+                (principals[i][1].equals ("*") ||
+                 principals[i][1].equals (that_principals[j][1])))
+              {
+                return true;
+              }
+          }
+      }
+    return false;
+  }
+
+  /**
+   * This method is not necessary for this class, thus it always returns null.
+   *
+   * @return null.
+   */
+  public PermissionCollection newPermissionCollection()
+  {
+    return null;
+  }
+
+  // Inner class.
+  // -------------------------------------------------------------------------
+
+  /**
+   * An undocumented inner class present for serialization compatibility.
+   */
+  private static class CredOwner implements Serializable
+  {
+
+    // Fields.
+    // -----------------------------------------------------------------------
+
+    private final String principalClass;
+    private final String principalName;
+
+    // Constructor.
+    // -----------------------------------------------------------------------
+
+    CredOwner (final String principalClass, final String principalName)
+    {
+      this.principalClass = principalClass;
+      this.principalName = principalName;
+    }
+
+    // Instance methods.
+    // -----------------------------------------------------------------------
+
+    public boolean equals (Object o)
+    {
+      if (!(o instanceof CredOwner))
+        {
+          return false;
+        }
+      return principalClass.equals (((CredOwner) o).getPrincipalClass()) &&
+        principalName.equals (((CredOwner) o).getPrincipalName());
+    }
+
+    public int hashCode()
+    {
+      return principalClass.hashCode() + principalName.hashCode();
+    }
+
+    public String getPrincipalClass()
+    {
+      return principalClass;
+    }
+
+    public String getPrincipalName()
+    {
+      return principalName;
+    }
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/RefreshFailedException.java b/libjava/classpath/javax/security/auth/RefreshFailedException.java
new file mode 100644
index 00000000000..6b8f94dcd33
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/RefreshFailedException.java
@@ -0,0 +1,63 @@
+/* RefreshFailedException.java -- signals a failed refresh.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * A signal that a call to {@link Refreshable#refresh()} failed.
+ */
+public class RefreshFailedException extends Exception
+{
+
+  /**
+   * Create a new RefreshFailedException with no detail message.
+   */
+  public RefreshFailedException()
+  {
+  }
+
+  /**
+   * Create a new RefreshFailedException with a detail message.
+   *
+   * @param message The detail message.
+   */
+  public RefreshFailedException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/Refreshable.java b/libjava/classpath/javax/security/auth/Refreshable.java
new file mode 100644
index 00000000000..14d766079e2
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/Refreshable.java
@@ -0,0 +1,65 @@
+/* Refreshable.java -- an object whose state may be refreshed.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An object whose internal state may be <em>refreshed:</em> as in a
+ * credential object with a expiry date.
+ */
+public interface Refreshable
+{
+
+  /**
+   * Tells whether or not this object is current. Refreshable objects that
+   * are not current may need to be refreshed.
+   *
+   * @return Whether this object is current.
+   */
+  boolean isCurrent();
+
+  /**
+   * Refresh this object. The process involved in refreshing an object is
+   * per-implementation dependent.
+   *
+   * @throws RefreshFailedException If refreshing this object fails.
+   * @throws SecurityException If the caller does not have permission to
+   *  refresh, or to take the steps involved in refreshing, this object.
+   */
+  void refresh() throws RefreshFailedException;
+}
diff --git a/libjava/classpath/javax/security/auth/Subject.java b/libjava/classpath/javax/security/auth/Subject.java
new file mode 100644
index 00000000000..4e35a645ddb
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/Subject.java
@@ -0,0 +1,556 @@
+/* Subject.java -- a single entity in the system.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.DomainCombiner;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import java.util.AbstractSet;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.Set;
+
+public final class Subject implements Serializable
+{
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  private static final long serialVersionUID = -8308522755600156056L;
+
+  /**
+   * @serial The set of principals. The type of this field is SecureSet, a
+   *  private inner class.
+   */
+  private final Set principals;
+
+  /**
+   * @serial The read-only flag.
+   */
+  private boolean readOnly;
+
+  private final transient SecureSet pubCred;
+  private final transient SecureSet privCred;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  public Subject()
+  {
+    principals = new SecureSet (this, SecureSet.PRINCIPALS);
+    pubCred = new SecureSet (this, SecureSet.PUBLIC_CREDENTIALS);
+    privCred = new SecureSet (this, SecureSet.PRIVATE_CREDENTIALS);
+    readOnly = false;
+  }
+
+  public Subject (final boolean readOnly, final Set principals,
+                  final Set pubCred, final Set privCred)
+  {
+    if (principals == null || pubCred == null || privCred == null)
+      {
+        throw new NullPointerException();
+      }
+    this.principals = new SecureSet (this, SecureSet.PRINCIPALS, principals);
+    this.pubCred = new SecureSet (this, SecureSet.PUBLIC_CREDENTIALS, pubCred);
+    this.privCred = new SecureSet (this, SecureSet.PRIVATE_CREDENTIALS, privCred);
+    this.readOnly = readOnly;
+  }
+
+  // Class methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * <p>Returns the subject associated with the given {@link
+   * AccessControlContext}.</p>
+   *
+   * <p>All this method does is retrieve the Subject object from the supplied
+   * context's {@link DomainCombiner}, if any, and if it is an instance of
+   * a {@link SubjectDomainCombiner}.
+   *
+   * @param context The context to retrieve the subject from.
+   * @return The subject assoctiated with the context, or <code>null</code>
+   *  if there is none.
+   * @throws NullPointerException If <i>subject</i> is null.
+   * @throws SecurityException If the caller does not have permission to get
+   *  the subject (<code>"getSubject"</code> target of {@link AuthPermission}.
+   */
+  public static Subject getSubject (final AccessControlContext context)
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("getSubject"));
+      }
+    DomainCombiner dc = context.getDomainCombiner();
+    if (!(dc instanceof SubjectDomainCombiner))
+      {
+        return null;
+      }
+    return ((SubjectDomainCombiner) dc).getSubject();
+  }
+
+  /**
+   * <p>Run a method as another subject. This method will obtain the current
+   * {@link AccessControlContext} for this thread, then creates another with
+   * a {@link SubjectDomainCombiner} with the given subject. The supplied
+   * action will then be run with the modified context.</p>
+   *
+   * @param subject The subject to run as.
+   * @param action The action to run.
+   * @return The value returned by the privileged action.
+   * @throws SecurityException If the caller is not allowed to run under a
+   *  different identity (<code>"doAs"</code> target of {@link AuthPermission}.
+   */
+  public static Object doAs (final Subject subject, final PrivilegedAction action)
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("doAs"));
+      }
+    AccessControlContext context =
+      new AccessControlContext (AccessController.getContext(),
+                                new SubjectDomainCombiner (subject));
+    return AccessController.doPrivileged (action, context);
+  }
+
+  /**
+   * <p>Run a method as another subject. This method will obtain the current
+   * {@link AccessControlContext} for this thread, then creates another with
+   * a {@link SubjectDomainCombiner} with the given subject. The supplied
+   * action will then be run with the modified context.</p>
+   *
+   * @param subject The subject to run as.
+   * @param action The action to run.
+   * @return The value returned by the privileged action.
+   * @throws SecurityException If the caller is not allowed to run under a
+   *  different identity (<code>"doAs"</code> target of {@link AuthPermission}.
+   * @throws PrivilegedActionException If the action throws an exception.
+   */
+  public static Object doAs (final Subject subject,
+                             final PrivilegedExceptionAction action)
+    throws PrivilegedActionException
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("doAs"));
+      }
+    AccessControlContext context =
+      new AccessControlContext (AccessController.getContext(),
+                                new SubjectDomainCombiner(subject));
+    return AccessController.doPrivileged (action, context);
+  }
+
+  /**
+   * <p>Run a method as another subject. This method will create a new
+   * {@link AccessControlContext} derived from the given one, with a
+   * {@link SubjectDomainCombiner} with the given subject. The supplied
+   * action will then be run with the modified context.</p>
+   *
+   * @param subject The subject to run as.
+   * @param action The action to run.
+   * @param acc The context to use.
+   * @return The value returned by the privileged action.
+   * @throws SecurityException If the caller is not allowed to run under a
+   *  different identity (<code>"doAsPrivileged"</code> target of {@link
+   *  AuthPermission}.
+   */
+  public static Object doAsPrivileged (final Subject subject,
+                                       final PrivilegedAction action,
+                                       final AccessControlContext acc)
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("doAsPrivileged"));
+      }
+    AccessControlContext context =
+      new AccessControlContext (acc, new SubjectDomainCombiner (subject));
+    return AccessController.doPrivileged (action, context);
+  }
+
+  /**
+   * <p>Run a method as another subject. This method will create a new
+   * {@link AccessControlContext} derived from the given one, with a
+   * {@link SubjectDomainCombiner} with the given subject. The supplied
+   * action will then be run with the modified context.</p>
+   *
+   * @param subject The subject to run as.
+   * @param action The action to run.
+   * @param acc The context to use.
+   * @return The value returned by the privileged action.
+   * @throws SecurityException If the caller is not allowed to run under a
+   *  different identity (<code>"doAsPrivileged"</code> target of
+   *  {@link AuthPermission}.
+   * @throws PrivilegedActionException If the action throws an exception.
+   */
+  public static Object doAsPrivileged (final Subject subject,
+                                       final PrivilegedExceptionAction action,
+				       AccessControlContext acc)
+    throws PrivilegedActionException
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("doAsPrivileged"));
+      }
+    if (acc == null)
+      acc = new AccessControlContext (new java.security.ProtectionDomain[0]);
+    AccessControlContext context =
+      new AccessControlContext (acc, new SubjectDomainCombiner (subject));
+    return AccessController.doPrivileged (action, context);
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  public boolean equals (Object o)
+  {
+    if (!(o instanceof Subject))
+      {
+        return false;
+      }
+    Subject that = (Subject) o;
+    return principals.containsAll (that.getPrincipals()) &&
+      pubCred.containsAll (that.getPublicCredentials()) &&
+      privCred.containsAll (that.getPrivateCredentials());
+  }
+
+  public Set getPrincipals()
+  {
+    return principals;
+  }
+
+  public Set getPrincipals(Class clazz)
+  {
+    HashSet result = new HashSet (principals.size());
+    for (Iterator it = principals.iterator(); it.hasNext(); )
+      {
+        Object o = it.next();
+        if (o != null && clazz.isAssignableFrom (o.getClass()))
+          {
+            result.add(o);
+          }
+      }
+    return Collections.unmodifiableSet (result);
+  }
+
+  public Set getPrivateCredentials()
+  {
+    return privCred;
+  }
+
+  public Set getPrivateCredentials (Class clazz)
+  {
+    HashSet result = new HashSet (privCred.size());
+    for (Iterator it = privCred.iterator(); it.hasNext(); )
+      {
+        Object o = it.next();
+        if (o != null && clazz.isAssignableFrom (o.getClass()))
+          {
+            result.add(o);
+          }
+      }
+    return Collections.unmodifiableSet (result);
+  }
+
+  public Set getPublicCredentials()
+  {
+    return pubCred;
+  }
+
+  public Set getPublicCredentials (Class clazz)
+  {
+    HashSet result = new HashSet (pubCred.size());
+    for (Iterator it = pubCred.iterator(); it.hasNext(); )
+      {
+        Object o = it.next();
+        if (o != null && clazz.isAssignableFrom (o.getClass()))
+          {
+            result.add(o);
+          }
+      }
+    return Collections.unmodifiableSet (result);
+  }
+
+  public int hashCode()
+  {
+    return principals.hashCode() + privCred.hashCode() + pubCred.hashCode();
+  }
+
+  /**
+   * <p>Returns whether or not this subject is read-only.</p>
+   *
+   * @return True is this subject is read-only.
+   */
+  public boolean isReadOnly()
+  {
+    return readOnly;
+  }
+
+  /**
+   * <p>Marks this subject as read-only.</p>
+   *
+   * @throws SecurityException If the caller does not have permission to
+   *  set this subject as read-only (<code>"setReadOnly"</code> target of
+   *  {@link AuthPermission}.
+   */
+  public void setReadOnly()
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("setReadOnly"));
+      }
+    readOnly = true;
+  }
+
+  public String toString()
+  {
+    return Subject.class.getName() + " [ principals=" + principals +
+      ", private credentials=" + privCred + ", public credentials=" +
+      pubCred + ", read-only=" + readOnly + " ]";
+  }
+
+// Inner class.
+  // -------------------------------------------------------------------------
+
+  /**
+   * An undocumented inner class that is used for sets in the parent class.
+   */
+  private static class SecureSet extends AbstractSet implements Serializable
+  {
+    // Fields.
+    // -----------------------------------------------------------------------
+
+    private static final long serialVersionUID = 7911754171111800359L;
+
+    static final int PRINCIPALS = 0;
+    static final int PUBLIC_CREDENTIALS = 1;
+    static final int PRIVATE_CREDENTIALS = 2;
+
+    private final Subject subject;
+    private final LinkedList elements;
+    private final transient int type;
+
+    // Constructors.
+    // -----------------------------------------------------------------------
+
+    SecureSet (final Subject subject, final int type, final Collection elements)
+    {
+      this (subject, type);
+      for (Iterator it = elements.iterator(); it.hasNext(); )
+        {
+          Object o = it.next();
+          if (type == PRINCIPALS && !(o instanceof Principal))
+            {
+              throw new IllegalArgumentException(o+" is not a Principal");
+            }
+          if (!elements.contains (o))
+            {
+              elements.add (o);
+            }
+        }
+    }
+
+    SecureSet (final Subject subject, final int type)
+    {
+      this.subject = subject;
+      this.type = type;
+      this.elements = new LinkedList();
+    }
+
+    // Instance methods.
+    // -----------------------------------------------------------------------
+
+    public synchronized int size()
+    {
+      return elements.size();
+    }
+
+    public Iterator iterator()
+    {
+      return elements.iterator();
+    }
+
+    public synchronized boolean add(Object element)
+    {
+      if (subject.isReadOnly())
+        {
+          throw new IllegalStateException ("subject is read-only");
+        }
+      final SecurityManager sm = System.getSecurityManager();
+      switch (type)
+        {
+        case PRINCIPALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPrincipals"));
+            }
+          if (!(element instanceof Principal))
+            {
+              throw new IllegalArgumentException ("element is not a Principal");
+            }
+          break;
+
+        case PUBLIC_CREDENTIALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPublicCredentials"));
+            }
+          break;
+
+        case PRIVATE_CREDENTIALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPrivateCredentials"));
+            }
+          break;
+
+        default:
+          throw new Error ("this statement should be unreachable");
+        }
+
+      if (elements.contains (element))
+        {
+          return false;
+        }
+
+      return elements.add (element);
+    }
+
+    public synchronized boolean remove (final Object element)
+    {
+      if (subject.isReadOnly())
+        {
+          throw new IllegalStateException ("subject is read-only");
+        }
+      final SecurityManager sm = System.getSecurityManager();
+      switch (type)
+        {
+        case PRINCIPALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPrincipals"));
+            }
+          if (!(element instanceof Principal))
+            {
+              throw new IllegalArgumentException ("element is not a Principal");
+            }
+          break;
+
+        case PUBLIC_CREDENTIALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPublicCredentials"));
+            }
+          break;
+
+        case PRIVATE_CREDENTIALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPrivateCredentials"));
+            }
+          break;
+
+        default:
+          throw new Error("this statement should be unreachable");
+        }
+
+      return elements.remove(element);
+    }
+
+    public synchronized boolean contains (final Object element)
+    {
+      return elements.remove (element);
+    }
+
+    public boolean removeAll (final Collection c)
+    {
+      if (subject.isReadOnly())
+        {
+          throw new IllegalStateException ("subject is read-only");
+        }
+      return super.removeAll (c);
+    }
+
+    public boolean retainAll (final Collection c)
+    {
+      if (subject.isReadOnly())
+        {
+          throw new IllegalStateException ("subject is read-only");
+        }
+      return super.retainAll (c);
+    }
+
+    public void clear()
+    {
+      if (subject.isReadOnly())
+        {
+          throw new IllegalStateException ("subject is read-only");
+        }
+      elements.clear();
+    }
+
+    private synchronized void writeObject (ObjectOutputStream out)
+      throws IOException
+    {
+      throw new UnsupportedOperationException ("FIXME: determine serialization");
+    }
+
+    private void readObject (ObjectInputStream in)
+      throws ClassNotFoundException, IOException
+    {
+      throw new UnsupportedOperationException ("FIXME: determine serialization");
+    }
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/SubjectDomainCombiner.java b/libjava/classpath/javax/security/auth/SubjectDomainCombiner.java
new file mode 100644
index 00000000000..94a7160eb18
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/SubjectDomainCombiner.java
@@ -0,0 +1,96 @@
+/* SubjectDomainCombiner.java -- domain combiner for Subjects.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.DomainCombiner;
+import java.security.Principal;
+import java.security.ProtectionDomain;
+
+import java.util.LinkedList;
+
+public class SubjectDomainCombiner implements DomainCombiner
+{
+
+  // Field.
+  // -------------------------------------------------------------------------
+
+  private final Subject subject;
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  public SubjectDomainCombiner (final Subject subject)
+  {
+    this.subject = subject;
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  public ProtectionDomain[] combine (final ProtectionDomain[] current,
+                                     final ProtectionDomain[] assigned)
+  {
+    LinkedList domains = new LinkedList();
+    Principal[] principals =
+      (Principal[]) subject.getPrincipals().toArray (new Principal[0]);
+    if (current != null)
+      {
+        for (int i = 0; i < current.length; i++)
+          {
+            domains.add (new ProtectionDomain (current[i].getCodeSource(),
+                                               current[i].getPermissions(),
+                                               current[i].getClassLoader(),
+                                               principals));
+          }
+      }
+    if (assigned != null)
+      {
+        for (int i = 0; i < assigned.length; i++)
+          {
+            domains.add (assigned[i]);
+          }
+      }
+    return (ProtectionDomain[]) domains.toArray (new ProtectionDomain[domains.size()]);
+  }
+
+  public Subject getSubject()
+  {
+    return subject;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/Callback.java b/libjava/classpath/javax/security/auth/callback/Callback.java
new file mode 100644
index 00000000000..359828e1a3c
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/Callback.java
@@ -0,0 +1,64 @@
+/* Callback.java -- marker interface for callback classes
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+/**
+ * <p>Implementations of this interface are passed to a {@link CallbackHandler},
+ * allowing underlying security services the ability to interact with a calling
+ * application to retrieve specific authentication data such as usernames and
+ * passwords, or to display certain information, such as error and warning
+ * messages.</p>
+ *
+ * <p><code>Callback</code> implementations do not retrieve or display the
+ * information requested by underlying security services. <code>Callback</code>
+ * implementations simply provide the means to pass such requests to
+ * applications, and for applications, if appropriate, to return requested
+ * information back to the underlying security services.</p>
+ *
+ * @see CallbackHandler
+ * @see ChoiceCallback
+ * @see ConfirmationCallback
+ * @see LanguageCallback
+ * @see NameCallback
+ * @see PasswordCallback
+ * @see TextInputCallback
+ * @see TextOutputCallback
+ */
+public interface Callback {
+}
diff --git a/libjava/classpath/javax/security/auth/callback/CallbackHandler.java b/libjava/classpath/javax/security/auth/callback/CallbackHandler.java
new file mode 100644
index 00000000000..8d22943cace
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/CallbackHandler.java
@@ -0,0 +1,155 @@
+/* CallbackHandler.java -- base interface for callback handlers.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.IOException;
+
+/**
+ * <p>An application implements a <code>CallbackHandler</code> and passes it to
+ * underlying security services so that they may interact with the application
+ * to retrieve specific authentication data, such as usernames and passwords, or
+ * to display certain information, such as error and warning messages.</p>
+ *
+ * <p><code>CallbackHandler</code>s are implemented in an application-dependent
+ * fashion. For example, implementations for an application with a graphical
+ * user interface (GUI) may pop up windows to prompt for requested information
+ * or to display error messages. An implementation may also choose to obtain
+ * requested information from an alternate source without asking the end user.</p>
+ *
+ * <p>Underlying security services make requests for different types of
+ * information by passing individual Callbacks to the <code>CallbackHandler</code>.
+ * The <code>CallbackHandler</code> implementation decides how to retrieve and
+ * display information depending on the {@link Callback}s passed to it. For
+ * example, if the underlying service needs a username and password to
+ * authenticate a user, it uses a {@link NameCallback} and
+ * {@link PasswordCallback}. The <code>CallbackHandler</code> can then choose
+ * to prompt for a username and password serially, or to prompt for both in a
+ * single window.</p>
+ *
+ * <p>A default <code>CallbackHandler</code> class implementation may be
+ * specified in the <code>auth.login.defaultCallbackHandler</code> security
+ * property. The security property can be set in the Java security properties
+ * file located in the file named
+ * <code>&lt;JAVA_HOME>/lib/security/java.security</code>, where
+ * <code>&lt;JAVA_HOME></code> refers to the directory where the SDK was
+ * installed.</p>
+ *
+ * <p>If the security property is set to the fully qualified name of a
+ * <code>CallbackHandler</code> implementation class, then a
+ * <code>LoginContext</code>will load the specified <code>CallbackHandler</code>
+ * and pass it to the underlying <code>LoginModules</code>. The
+ * <code>LoginContext</code> only loads the default handler if one was not
+ * provided.</p>
+ *
+ * <p>All default handler implementations must provide a public zero-argument
+ * constructor.</p>
+ *
+ */
+public interface CallbackHandler
+{
+
+  /**
+   * <p>Retrieve or display the information requested in the provided
+   * {@link Callback}s.</p>
+   *
+   * <p>The <code>handle()</code> method implementation checks the instance(s)
+   * of the {@link Callback} object(s) passed in to retrieve or display the
+   * requested information. The following example is provided to help
+   * demonstrate what an <code>handle()</code> method implementation might look
+   * like. This example code is for guidance only. Many details, including
+   * proper error handling, are left out for simplicity.</p>
+   *
+   * <pre>
+   *public void handle(Callback[] callbacks)
+   *throws IOException, UnsupportedCallbackException {
+   *   for (int i = 0; i < callbacks.length; i++) {
+   *      if (callbacks[i] instanceof TextOutputCallback) {
+   *         // display the message according to the specified type
+   *         TextOutputCallback toc = (TextOutputCallback)callbacks[i];
+   *         switch (toc.getMessageType()) {
+   *         case TextOutputCallback.INFORMATION:
+   *            System.out.println(toc.getMessage());
+   *            break;
+   *         case TextOutputCallback.ERROR:
+   *            System.out.println("ERROR: " + toc.getMessage());
+   *            break;
+   *         case TextOutputCallback.WARNING:
+   *            System.out.println("WARNING: " + toc.getMessage());
+   *            break;
+   *         default:
+   *            throw new IOException("Unsupported message type: "
+   *                  + toc.getMessageType());
+   *         }
+   *      } else if (callbacks[i] instanceof NameCallback) {
+   *         // prompt the user for a username
+   *         NameCallback nc = (NameCallback)callbacks[i];
+   *         // ignore the provided defaultName
+   *         System.err.print(nc.getPrompt());
+   *         System.err.flush();
+   *         nc.setName((new BufferedReader(
+   *               new InputStreamReader(System.in))).readLine());
+   *      } else if (callbacks[i] instanceof PasswordCallback) {
+   *         // prompt the user for sensitive information
+   *         PasswordCallback pc = (PasswordCallback)callbacks[i];
+   *         System.err.print(pc.getPrompt());
+   *         System.err.flush();
+   *         pc.setPassword(readPassword(System.in));
+   *      } else {
+   *         throw new UnsupportedCallbackException(
+   *               callbacks[i], "Unrecognized Callback");
+   *      }
+   *   }
+   *}
+   *
+   * // Reads user password from given input stream.
+   *private char[] readPassword(InputStream in) throws IOException {
+   *   // insert code to read a user password from the input stream
+   *}
+   * </pre>
+   *
+   * @param callbacks an array of {@link Callback} objects provided by an
+   * underlying security service which contains the information requested to
+   * be retrieved or displayed.
+   * @throws IOException if an input or output error occurs.
+   * @throws UnsupportedCallbackException if the implementation of this method
+   * does not support one or more of the Callbacks specified in the
+   * <code>callbacks</code> parameter.
+   */
+  void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException;
+}
diff --git a/libjava/classpath/javax/security/auth/callback/ChoiceCallback.java b/libjava/classpath/javax/security/auth/callback/ChoiceCallback.java
new file mode 100644
index 00000000000..ec12a668514
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/ChoiceCallback.java
@@ -0,0 +1,236 @@
+/* ChoiceCallback.java -- callback for a choice of values.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a
+ * <code>ChoiceCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to display a list of choices and to retrieve the
+ * selected choice(s).
+ *
+ * @see CallbackHandler
+ */
+public class ChoiceCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String prompt;
+
+  /**
+   * @serial the list of choices.
+   * @since 1.4
+   */
+  private String[] choices;
+
+  /**
+   * @serial the choice to be used as the default choice.
+   * @since 1.4
+   */
+  private int defaultChoice;
+
+  /**
+   * @serial whether multiple selections are allowed from the list of choices.
+   * @since 1.4
+   */
+  private boolean multipleSelectionsAllowed;
+
+  /**
+   * @serial the selected choices, represented as indexes into the choices list.
+   * @since 1.4
+   */
+  private int[] selections;
+
+  // Constructor(s)
+  //--------------------------------------------------------------------------
+
+  /**
+   * Construct a <code>ChoiceCallback</code> with a prompt, a list of choices,
+   * a default choice, and a boolean specifying whether or not multiple
+   * selections from the list of choices are allowed.
+   *
+   * @param prompt the prompt used to describe the list of choices.
+   * @param choices the list of choices.
+   * @param defaultChoice the choice to be used as the default choice when the
+   * list of choices are displayed. This value is represented as an index into
+   * the <code>choices</code> array.
+   * @param multipleSelectionsAllowed boolean specifying whether or not
+   * multiple selections can be made from the list of choices.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+   * if <code>prompt</code> has a length of <code>0</code>, if <code>choices</code>
+   * is <code>null</code>, if <code>choices</code> has a length of <code>0</code>,
+   * if any element from <code>choices</code> is <code>null</code>, if any
+   * element from <code>choices</code> has a length of <code>0</code> or if
+   * <code>defaultChoice</code> does not fall within the array boundaries of
+   * <code>choices</code>.
+   */
+  public ChoiceCallback(String prompt, String[] choices, int defaultChoice,
+			boolean multipleSelectionsAllowed)
+  {
+    super();
+
+    setPrompt(prompt);
+    setChoices(choices);
+    if (defaultChoice < 0 || defaultChoice >= this.choices.length)
+      {
+	throw new IllegalArgumentException("default choice is out of bounds");
+      }
+    this.defaultChoice = defaultChoice;
+    this.multipleSelectionsAllowed = multipleSelectionsAllowed;
+  }
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the prompt.
+   *
+   * @return the prompt.
+   */
+  public String getPrompt()
+  {
+    return prompt;
+  }
+
+  /**
+   * Get the list of choices.
+   *
+   * @return the list of choices.
+   */
+  public String[] getChoices()
+  {
+    return choices;
+  }
+
+  /**
+   * Get the defaultChoice.
+   *
+   * @return the defaultChoice, represented as an index into the choices list.
+   */
+  public int getDefaultChoice()
+  {
+    return defaultChoice;
+  }
+
+  /**
+   * Get the boolean determining whether multiple selections from the choices
+   * list are allowed.
+   *
+   * @return whether multiple selections are allowed.
+   */
+  public boolean allowMultipleSelections()
+  {
+    return multipleSelectionsAllowed;
+  }
+
+  /**
+   * Set the selected choice.
+   *
+   * @param selection the selection represented as an index into the choices
+   * list.
+   * @see #getSelectedIndexes()
+   */
+  public void setSelectedIndex(int selection)
+  {
+    this.selections = new int[1];
+    this.selections[0] = selection;
+  }
+
+  /**
+   * Set the selected choices.
+   *
+   * @param selections the selections represented as indexes into the choices
+   * list.
+   * @throws UnsupportedOperationException if multiple selections are not
+   * allowed, as determined by <code>allowMultipleSelections</code>.
+   * @see #getSelectedIndexes()
+   */
+  public void setSelectedIndexes(int[] selections)
+  {
+    if (!multipleSelectionsAllowed)
+      {
+	throw new UnsupportedOperationException("not allowed");
+      }
+
+    this.selections = selections;
+  }
+
+  /**
+   * Get the selected choices.
+   *
+   * @return the selected choices, represented as indexes into the choices list.
+   * @see #setSelectedIndexes(int[])
+   */
+  public int[] getSelectedIndexes()
+  {
+    return selections;
+  }
+
+  private void setPrompt(String prompt) throws IllegalArgumentException
+  {
+    if ((prompt == null) || (prompt.length() == 0))
+      {
+	throw new IllegalArgumentException("invalid prompt");
+      }
+    this.prompt = prompt;
+  }
+
+  private void setChoices(String[] choices) throws IllegalArgumentException
+  {
+    if (choices == null || choices.length == 0)
+      {
+	throw new IllegalArgumentException("invalid choices");
+      }
+    for (int i = 0; i < choices.length; i++)
+      {
+	if (choices[i] == null || choices[i].length() == 0)
+	  {
+	    throw new IllegalArgumentException("invalid choice at index #"+i);
+	  }
+      }
+    this.choices = choices;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/ConfirmationCallback.java b/libjava/classpath/javax/security/auth/callback/ConfirmationCallback.java
new file mode 100644
index 00000000000..938b3017380
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/ConfirmationCallback.java
@@ -0,0 +1,505 @@
+/* ConfirmationCallback.java -- callback for confirmations.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a
+ * <code>ConfirmationCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to ask for YES/NO, OK/CANCEL, YES/NO/CANCEL or other
+ * similar confirmations.
+ *
+ * @see CallbackHandler
+ */
+public class ConfirmationCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * <p>Unspecified option type.</p>
+   *
+   * <p>The <code>getOptionType</code> method returns this value if this
+   * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+   * instead of an <code>optionType</code>.</p>
+   */
+  public static final int UNSPECIFIED_OPTION = -1;
+
+  /**
+   * <p>YES/NO confirmation option.</p>
+   *
+   * <p>An underlying security service specifies this as the <code>optionType</code>
+   * to a <code>ConfirmationCallback</code> constructor if it requires a
+   * confirmation which can be answered with either <code>YES</code> or
+   * <code>NO</code>.</p>
+   */
+  public static final int YES_NO_OPTION = 0;
+
+  /**
+   * <p>YES/NO/CANCEL confirmation confirmation option.</p>
+   *
+   * <p>An underlying security service specifies this as the <code>optionType</code>
+   * to a <code>ConfirmationCallback</code> constructor if it requires a
+   * confirmation which can be answered with either <code>YES</code>,
+   * <code>NO</code> or <code>CANCEL</code>.
+   */
+  public static final int YES_NO_CANCEL_OPTION = 1;
+
+  /**
+   * <p>OK/CANCEL confirmation confirmation option.</p>
+   *
+   * <p>An underlying security service specifies this as the <code>optionType</code>
+   * to a <code>ConfirmationCallback</code> constructor if it requires a
+   * confirmation which can be answered with either <code>OK</code> or
+   * <code>CANCEL</code>.</p>
+   */
+  public static final int OK_CANCEL_OPTION = 2;
+
+  /**
+   * <p>YES option.</p>
+   *
+   * <p>If an <code>optionType</code> was specified to this
+   * <code>ConfirmationCallback</code>, this option may be specified as a
+   * <code>defaultOption</code> or returned as the selected index.</p>
+   */
+  public static final int YES = 0;
+
+  /**
+   * <p>NO option.</p>
+   *
+   * <p>If an <code>optionType</code> was specified to this
+   * <code>ConfirmationCallback</code>, this option may be specified as a
+   * <code>defaultOption</code> or returned as the selected index.</p>
+   */
+  public static final int NO = 1;
+
+  /**
+   * <p>CANCEL option.</p>
+   *
+   * <p>If an <code>optionType</code> was specified to this
+   * <code>ConfirmationCallback</code>, this option may be specified as a
+   * <code>defaultOption</code> or returned as the selected index.</p>
+   */
+  public static final int CANCEL = 2;
+
+  /**
+   * <p>OK option.</p>
+   *
+   * <p>If an <code>optionType</code> was specified to this
+   * <code>ConfirmationCallback</code>, this option may be specified as a
+   * <code>defaultOption</code> or returned as the selected index.</p>
+   */
+  public static final int OK = 3;
+
+  /** INFORMATION message type. */
+  public static final int INFORMATION = 0;
+
+  /** WARNING message type. */
+  public static final int WARNING = 1;
+
+  /** ERROR message type. */
+  public static final int ERROR = 2;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String prompt;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private int messageType;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private int optionType;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private int defaultOption;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String[] options = null;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private int selection;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * <p>Construct a <code>ConfirmationCallback</code> with a message type, an
+   * option type and a default option.</p>
+   *
+   * <p>Underlying security services use this constructor if they require
+   * either a YES/NO, YES/NO/CANCEL or OK/CANCEL confirmation.</p>
+   *
+   * @param messageType the message type (INFORMATION, WARNING or ERROR).
+   * @param optionType the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+   * OK_CANCEL_OPTION).
+   * @param defaultOption the default option from the provided optionType (YES,
+   * NO, CANCEL or OK).
+   * @throws IllegalArgumentException if <code>messageType</code> is not either
+   * <code>INFORMATION</code>, <code>WARNING</code>, or <code>ERROR</code>, if
+   * <code>optionType</code> is not either <code>YES_NO_OPTION</code>,
+   * <code>YES_NO_CANCEL_OPTION</code>, or <code>OK_CANCEL_OPTION</code>, or if
+   * <code>defaultOption</code> does not correspond to one of the options in
+   * <code>optionType</code>.
+   */
+  public ConfirmationCallback(int messageType, int optionType, int defaultOption)
+    throws IllegalArgumentException
+  {
+    super();
+
+    setMessageType(messageType);
+    setOptionType(optionType, defaultOption);
+    this.defaultOption = defaultOption;
+  }
+
+  /**
+   * <p>Construct a <code>ConfirmationCallback</code> with a message type, a
+   * list of options and a default option.</p>
+   *
+   * <p>Underlying security services use this constructor if they require a
+   * confirmation different from the available preset confirmations provided
+   * (for example, CONTINUE/ABORT or STOP/GO). The confirmation options are
+   * listed in the <code>options</code> array, and are displayed by the
+   * {@link CallbackHandler} implementation in a manner consistent with the
+   * way preset options are displayed.</p>
+   *
+   * @param messageType the message type (INFORMATION, WARNING or ERROR).
+   * @param options the list of confirmation options.
+   * @param defaultOption the default option, represented as an index into the
+   * <code>options</code> array.
+   * @throws IllegalArgumentException if <code>messageType</code> is not either
+   * <code>INFORMATION</code>, <code>WARNING</code>, or <code>ERROR</code>, if
+   * <code>options</code> is <code>null</code>, if <code>options</code> has a
+   * length of <code>0</code>, if any element from <code>options</code> is
+   * <code>null</code>, if any element from <code>options</code> has a length
+   * of <code>0</code>, or if <code>defaultOption</code> does not lie within
+   * the array boundaries of <code>options</code>.
+   */
+  public ConfirmationCallback(int messageType, String[] options, int defaultOption)
+  {
+    super();
+
+    setMessageType(messageType);
+    setOptions(options, defaultOption);
+    this.defaultOption = defaultOption;
+  }
+
+  /**
+   * <p>Construct a <code>ConfirmationCallback</code> with a prompt, message
+   * type, an option type and a default option.</p>
+   *
+   * <p>Underlying security services use this constructor if they require
+   * either a YES/NO, YES/NO/CANCEL or OK/CANCEL confirmation.</p>
+   *
+   * @param prompt the prompt used to describe the list of options.
+   * @param messageType the message type (INFORMATION, WARNING or ERROR).
+   * @param optionType the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+   * OK_CANCEL_OPTION).
+   * @param defaultOption the default option from the provided optionType (YES,
+   * NO, CANCEL or OK).
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+   * if <code>prompt</code> has a length of <code>0</code>, if
+   * <code>messageType</code> is not either <code>INFORMATION</code>,
+   * <code>WARNING</code>, or <code>ERROR</code>, if <code>optionType</code> is
+   * not either <code>YES_NO_OPTION</code>, <code>YES_NO_CANCEL_OPTION</code>,
+   * or <code>OK_CANCEL_OPTION</code>, or if <code>defaultOption</code> does
+   * not correspond to one of the options in <code>optionType</code>.
+   */
+  public ConfirmationCallback(String prompt, int messageType, int optionType,
+			      int defaultOption)
+  {
+    super();
+
+    setPrompt(prompt);
+    setMessageType(messageType);
+    setOptionType(optionType, defaultOption);
+    this.defaultOption = defaultOption;
+  }
+
+  /**
+   * <p>Construct a <code>ConfirmationCallback</code> with a prompt, message
+   * type, a list of options and a default option.</p>
+   *
+   * <p>Underlying security services use this constructor if they require a
+   * confirmation different from the available preset confirmations provided
+   * (for example, CONTINUE/ABORT or STOP/GO). The confirmation options are
+   * listed in the <code>options</code> array, and are displayed by the
+   * {@link CallbackHandler} implementation in a manner consistent with the
+   * way preset options are displayed.</p>
+   *
+   * @param prompt the prompt used to describe the list of options.
+   * @param messageType the message type (INFORMATION, WARNING or ERROR).
+   * @param options the list of confirmation options.
+   * @param defaultOption the default option, represented as an index into the
+   * <code>options</code> array.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+   * if <code>prompt</code> has a length of <code>0</code>, if
+   * <code>messageType</code> is not either <code>INFORMATION</code>,
+   * <code>WARNING</code>, or <code>ERROR</code>, if <code>options</code> is
+   * <code>null</code>, if <code>options</code> has a length of <code>0</code>,
+   * if any element from <code>options</code> is <code>null</code>, if any
+   * element from <code>options</code> has a length of <code>0</code>, or if
+   * <code>defaultOption</code> does not lie within the array boundaries of
+   * <code>options</code>.
+   */
+  public ConfirmationCallback(String prompt, int messageType, String[] options,
+			      int defaultOption)
+  {
+    super();
+
+    setPrompt(prompt);
+    setMessageType(messageType);
+    setOptions(options, defaultOption);
+    this.defaultOption = defaultOption;
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the prompt.
+   *
+   * @return the prompt, or <code>null</code> if this
+   * <code>ConfirmationCallback</code> was instantiated without a prompt.
+   */
+  public String getPrompt()
+  {
+    return prompt;
+  }
+
+  /**
+   * Get the message type.
+   *
+   * @return the message type (INFORMATION, WARNING or ERROR).
+   */
+  public int getMessageType()
+  {
+    return messageType;
+  }
+
+  /**
+   * <p>Get the option type.</p>
+   *
+   * <p>If this method returns {@link #UNSPECIFIED_OPTION}, then this
+   * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+   * instead of an <code>optionType</code>. In this case, invoke the
+   * {@link #getOptions()} method to determine which confirmation options to
+   * display.</p>
+   *
+   * @return the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+   * OK_CANCEL_OPTION), or UNSPECIFIED_OPTION if this
+   * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+   * instead of an <code>optionType</code>.
+   */
+  public int getOptionType()
+  {
+    if (options != null)
+      {
+	return UNSPECIFIED_OPTION;
+      }
+    return optionType;
+  }
+
+  /**
+   * Get the confirmation options.
+   *
+   * @return the list of confirmation options, or <code>null</code> if this
+   * <code>ConfirmationCallback</code> was instantiated with an
+   * <code>optionType</code> instead of <code>options</code>.
+   */
+  public String[] getOptions()
+  {
+    return options;
+  }
+
+  /**
+   * Get the default option.
+   *
+   * @return the default option, represented as <code>YES</code>, <code>NO</code>,
+   * <code>OK</code> or <code>CANCEL</code> if an <code>optionType</code> was
+   * specified to the constructor of this <code>ConfirmationCallback</code>.
+   * Otherwise, this method returns the default option as an index into the
+   * <code>options</code> array specified to the constructor of this
+   * <code>ConfirmationCallback</code>.
+   */
+  public int getDefaultOption()
+  {
+    return defaultOption;
+  }
+
+  /**
+   * Set the selected confirmation option.
+   *
+   * @param selection the selection represented as <code>YES</code>,
+   * <code>NO</code>, <code>OK</code> or <code>CANCEL</code> if an
+   * <code>optionType</code> was specified to the constructor of this
+   * <code>ConfirmationCallback</code>. Otherwise, the <code>selection</code>
+   * represents the index into the <code>options</code> array specified to the
+   * constructor of this <code>ConfirmationCallback</code>.
+   * @see #getSelectedIndex()
+   */
+  public void setSelectedIndex(int selection)
+  {
+    if (options != null)
+      {
+	setOptions(options, selection);
+      }
+    else
+      {
+	setOptionType(optionType, selection);
+      }
+  }
+
+  /**
+   * Get the selected confirmation option.
+   *
+   * @return the selected confirmation option represented as <code>YES</code>,
+   * <code>NO</code>, <code>OK</code> or <code>CANCEL</code> if an
+   * <code>optionType</code> was specified to the constructor of this
+   * <code>ConfirmationCallback</code>. Otherwise, this method returns the
+   * selected confirmation option as an index into the <code>options</code>
+   * array specified to the constructor of this <code>ConfirmationCallback</code>.
+   * @see #setSelectedIndex(int)
+   */
+  public int getSelectedIndex()
+  {
+    return this.selection;
+  }
+
+  private void setMessageType(int messageType) throws IllegalArgumentException
+  {
+    switch (messageType)
+      {
+      case INFORMATION:
+      case WARNING:
+      case ERROR: this.messageType = messageType; break;
+      default: throw new IllegalArgumentException("illegal message type");
+      }
+  }
+
+  private void setOptionType(int optionType, int selectedOption)
+    throws IllegalArgumentException
+  {
+    switch (optionType)
+      {
+      case YES_NO_OPTION:
+	this.optionType = optionType;
+	switch (selectedOption)
+	  {
+	  case YES:
+	  case NO: this.selection = selectedOption; break;
+	  default: throw new IllegalArgumentException("invalid option");
+	  }
+	break;
+      case YES_NO_CANCEL_OPTION:
+	this.optionType = optionType;
+	switch (selectedOption)
+	  {
+	  case YES:
+	  case NO:
+	  case CANCEL: this.selection = selectedOption; break;
+	  default: throw new IllegalArgumentException("invalid option");
+	  }
+	break;
+      case OK_CANCEL_OPTION:
+	this.optionType = optionType;
+	switch (selectedOption)
+	  {
+	  case OK:
+	  case CANCEL: this.selection = selectedOption; break;
+	  default: throw new IllegalArgumentException("invalid option");
+	  }
+	break;
+      default:
+	throw new IllegalArgumentException("illegal option type");
+      }
+  }
+
+  private void setOptions(String[] options, int selectedOption)
+    throws IllegalArgumentException
+  {
+    if ((selectedOption < 0) || (selectedOption > options.length - 1))
+      {
+	throw new IllegalArgumentException("invalid selection");
+      }
+    if ((options == null) || (options.length == 0))
+      {
+	throw new IllegalArgumentException("options is null or empty");
+      }
+    for (int i = 0; i < options.length; i++)
+      {
+	if ((options[i] == null) || (options[i].length() == 0))
+	  {
+	    throw new IllegalArgumentException("options[" + i + "] is null or empty");
+	  }
+      }
+    this.options = options;
+    this.selection = selectedOption;
+  }
+
+  private void setPrompt(String prompt) throws IllegalArgumentException
+  {
+    if ((prompt == null) || (prompt.length() == 0))
+      {
+	throw new IllegalArgumentException("prompt is null or empty");
+      }
+    this.prompt = prompt;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/LanguageCallback.java b/libjava/classpath/javax/security/auth/callback/LanguageCallback.java
new file mode 100644
index 00000000000..e0190e6ccaf
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/LanguageCallback.java
@@ -0,0 +1,100 @@
+/* LanguageCallback.java -- callback for language choices.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+import java.util.Locale;
+
+/**
+ * Underlying security services instantiate and pass a <code>LanguageCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * the {@link Locale} used for localizing text.
+ *
+ * @see CallbackHandler
+ */
+public class LanguageCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private Locale locale;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /** Construct a <code>LanguageCallback</code>. */
+  public LanguageCallback()
+  {
+    super();
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Set the retrieved Locale.
+   *
+   * @param locale the retrieved Locale.
+   * @see #getLocale()
+   */
+  public void setLocale(Locale locale)
+  {
+    this.locale = locale;
+  }
+
+  /**
+   * Get the retrieved Locale.
+   *
+   * @return the retrieved Locale, or <code>null</code> if no Locale could be
+   * retrieved.
+   * @see #setLocale(Locale)
+   */
+  public Locale getLocale()
+  {
+    return locale;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/NameCallback.java b/libjava/classpath/javax/security/auth/callback/NameCallback.java
new file mode 100644
index 00000000000..0e281d1cc8b
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/NameCallback.java
@@ -0,0 +1,178 @@
+/* NameCallback.java -- callback for user names.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>NameCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * name information.
+ *
+ * @see CallbackHandler
+ */
+public class NameCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String prompt;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String defaultName;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String inputName;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * Construct a <code>NameCallback</code> with a prompt.
+   *
+   * @param prompt the prompt used to request the name.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+   * or if <code>prompt</code> has a length of <code>0</code>.
+   */
+  public NameCallback(String prompt)
+  {
+    super();
+
+    setPrompt(prompt);
+  }
+
+  /**
+   * Construct a <code>NameCallback</code> with a prompt and default name.
+   *
+   * @param prompt the prompt used to request the information.
+   * @param defaultName the name to be used as the default name displayed with
+   * the prompt.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+   * or if <code>prompt</code> has a length of <code>0</code>, if
+   * <code>defaultName</code> is <code>null</code>, or if <code>defaultName</code>
+   * has a length of <code>0</code>.
+   */
+  public NameCallback(String prompt, String defaultName)
+    throws IllegalArgumentException
+  {
+    super();
+
+    setPrompt(prompt);
+    setDefaultName(defaultName);
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the prompt.
+   *
+   * @return the prompt.
+   */
+  public String getPrompt()
+  {
+    return prompt;
+  }
+
+  /**
+   * Get the default name.
+   *
+   * @return the default name, or <code>null</code> if this
+   * <code>NameCallback</code> was not instantiated with a
+   * <code>defaultName</code>.
+   */
+  public String getDefaultName()
+  {
+    return defaultName;
+  }
+
+  /**
+   * Set the retrieved name.
+   *
+   * @param name the retrieved name (which may be <code>null</code>).
+   * @see #getName()
+   */
+  public void setName(String name)
+  {
+    this.inputName = name;
+  }
+
+  /**
+   * Get the retrieved name.
+   *
+   * @return the retrieved name (which may be <code>null</code>)
+   * @see #setName(String)
+   */
+  public String getName()
+  {
+    return inputName;
+  }
+
+  private void setPrompt(String prompt) throws IllegalArgumentException
+  {
+    if ((prompt == null) || (prompt.length() == 0))
+      {
+	throw new IllegalArgumentException("invalid prompt");
+      }
+    this.prompt = prompt;
+  }
+
+  private void setDefaultName(String defaultName) throws IllegalArgumentException
+  {
+    if ((defaultName == null) || (defaultName.length() == 0))
+      {
+	throw new IllegalArgumentException("invalid default name");
+      }
+    this.defaultName = defaultName;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/PasswordCallback.java b/libjava/classpath/javax/security/auth/callback/PasswordCallback.java
new file mode 100644
index 00000000000..e8c862aca3e
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/PasswordCallback.java
@@ -0,0 +1,168 @@
+/* PasswordCallback.java -- callback for passwords.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>PasswordCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * password information.
+ *
+ * @see CallbackHandler,
+ */
+public class PasswordCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String prompt;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private boolean echoOn;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private char[] inputPassword;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * Construct a <code>PasswordCallback</code> with a prompt and a boolean
+   * specifying whether the password should be displayed as it is being typed.
+   *
+   * @param prompt the prompt used to request the password.
+   * @param echoOn <code>true</code> if the password should be displayed as it
+   * is being typed.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+   * or if <code>prompt</code> has a length of <code>0</code>.
+   */
+  public PasswordCallback(String prompt, boolean echoOn)
+  {
+    super();
+
+    setPrompt(prompt);
+    this.echoOn = echoOn;
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the prompt.
+   *
+   * @return the prompt.
+   */
+  public String getPrompt()
+  {
+    return prompt;
+  }
+
+  /**
+   * Return whether the password should be displayed as it is being typed.
+   *
+   * @return the whether the password should be displayed as it is being typed.
+   */
+  public boolean isEchoOn()
+  {
+    return echoOn;
+  }
+
+  /**
+   * <p>Set the retrieved password.</p>
+   *
+   * <p>This method makes a copy of the input password before storing it.</p>
+   *
+   * @param password the retrieved password, which may be <code>null</code>.
+   * @see #getPassword()
+   */
+  public void setPassword(char[] password)
+  {
+    inputPassword = (password == null ? null : (char[]) password.clone());
+  }
+
+  /**
+   * <p>Get the retrieved password.</p>
+   *
+   * <p>This method returns a copy of the retrieved password.</p>
+   *
+   * @return the retrieved password, which may be <code>null</code>.
+   * @see #setPassword(char[])
+   */
+  public char[] getPassword()
+  {
+    return (inputPassword == null ? null : (char[]) inputPassword.clone());
+  }
+
+  /** Clear the retrieved password. */
+  public void clearPassword()
+  {
+    if (inputPassword != null)
+      {
+	for (int i = 0; i < inputPassword.length; i++)
+	  {
+	    inputPassword[i] = '\0';
+	  }
+	inputPassword = null;
+      }
+  }
+
+  private void setPrompt(String prompt) throws IllegalArgumentException
+  {
+    if ((prompt == null) || (prompt.length() == 0))
+      {
+	throw new IllegalArgumentException("invalid prompt");
+      }
+    this.prompt = prompt;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/TextInputCallback.java b/libjava/classpath/javax/security/auth/callback/TextInputCallback.java
new file mode 100644
index 00000000000..98b0ae3c12d
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/TextInputCallback.java
@@ -0,0 +1,177 @@
+/* TextInputCallback.java -- callbacks for user input.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>TextInputCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * generic text information.
+ *
+ * @see CallbackHandler
+ */
+public class TextInputCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String prompt;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String defaultText;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String inputText;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * Construct a <code>TextInputCallback</code> with a prompt.
+   *
+   * @param prompt the prompt used to request the information.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+   * or if <code>prompt</code> has a length of <code>0</code>.
+   */
+  public TextInputCallback(String prompt) throws IllegalArgumentException
+  {
+    super();
+
+    setPrompt(prompt);
+  }
+
+  /**
+   * Construct a <code>TextInputCallback</code> with a prompt and default
+   * input value.
+   *
+   * @param prompt the prompt used to request the information.
+   * @param defaultText the text to be used as the default text displayed with
+   * the prompt.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+   * if <code>prompt</code> has a length of <code>0</code>, if
+   * <code>defaultText</code> is <code>null</code> or if <code>defaultText</code>
+   * has a length of <code>0</code>.
+   */
+  public TextInputCallback(String prompt, String defaultText)
+    throws IllegalArgumentException
+  {
+    super();
+
+    setPrompt(prompt);
+    setDefaultText(defaultText);
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the prompt.
+   *
+   * @return the prompt.
+   */
+  public String getPrompt()
+  {
+    return prompt;
+  }
+
+  /**
+   * Get the default text.
+   *
+   * @return the default text, or <code>null</code> if this
+   * <code>TextInputCallback</code> was not instantiated with
+   * <code>defaultText</code>.
+   */
+  public String getDefaultText()
+  {
+    return defaultText;
+  }
+
+  /**
+   * Set the retrieved text.
+   *
+   * @param text the retrieved text, which may be <code>null</code>.
+   */
+  public void setText(String text)
+  {
+    this.inputText = text;
+  }
+
+  /**
+   * Get the retrieved text.
+   *
+   * @return the retrieved text, which may be <code>null</code>.
+   */
+  public String getText()
+  {
+    return inputText;
+  }
+
+  private void setPrompt(String prompt) throws IllegalArgumentException
+  {
+    if ((prompt == null) || (prompt.length() == 0))
+      {
+	throw new IllegalArgumentException("invalid prompt");
+      }
+    this.prompt = prompt;
+  }
+
+  private void setDefaultText(String defaultText) throws IllegalArgumentException
+  {
+    if ((defaultText == null) || (defaultText.length() == 0))
+      {
+	throw new IllegalArgumentException("invalid default text");
+      }
+    this.defaultText = defaultText;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/TextOutputCallback.java b/libjava/classpath/javax/security/auth/callback/TextOutputCallback.java
new file mode 100644
index 00000000000..197cece5fe9
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/TextOutputCallback.java
@@ -0,0 +1,140 @@
+/* TextOutputCallback.java -- callback for text output.
+   Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * <p>Underlying security services instantiate and pass a
+ * <code>TextOutputCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to display information messages, warning messages and
+ * error messages.</p>
+ *
+ * @see CallbackHandler
+ */
+public class TextOutputCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /** Information message */
+  public static final int INFORMATION = 0;
+
+  /** Warning message */
+  public static final int WARNING = 1;
+
+  /** Error message */
+  public static final int ERROR = 2;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private int messageType;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String message;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * <p>Construct a <code>TextOutputCallback</code> with a message type and
+   * message to be displayed.</p>
+   *
+   * @param messageType the message type (INFORMATION, WARNING or ERROR).
+   * @param message the message to be displayed.
+   * @throws IllegalArgumentException if <code>messageType</code> is not either
+   * <code>INFORMATION</code>, <code>WARNING</code> or <code>ERROR</code>, if
+   * <code>message</code> is <code>null</code>, or if <code>message</code> has
+   * a length of <code>0</code>.
+   */
+  public TextOutputCallback(int messageType, String message)
+    throws IllegalArgumentException
+  {
+    switch (messageType)
+      {
+      case INFORMATION:
+      case WARNING:
+      case ERROR: this.messageType = messageType; break;
+      default: throw new IllegalArgumentException("invalid message type");
+      }
+
+    setMessage(message);
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * <p>Returns the message's <code>messageType</code>.</p>
+   *
+   * @return the message type (INFORMATION, WARNING or ERROR).
+   */
+  public int getMessageType()
+  {
+    return messageType;
+  }
+
+  /**
+   * <p>Returns the <code>message</code> to be displayed.</p>
+   *
+   * @return the message to be displayed.
+   */
+  public String getMessage()
+  {
+    return message;
+  }
+
+  private void setMessage(String message) throws IllegalArgumentException
+  {
+    if ((message == null) || (message.length() == 0))
+      {
+	throw new IllegalArgumentException("invalid message");
+      }
+    this.message = message;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/UnsupportedCallbackException.java b/libjava/classpath/javax/security/auth/callback/UnsupportedCallbackException.java
new file mode 100644
index 00000000000..f5308b9ea0b
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/UnsupportedCallbackException.java
@@ -0,0 +1,101 @@
+/* UnsupportedCallbackException.java -- signals an unsupported callback type.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+/**
+ * Signals that a {@link CallbackHandler} does not recognize a particular
+ * {@link Callback}.
+ *
+ */
+public class UnsupportedCallbackException extends Exception
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /** @serial */
+  private Callback callback;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * Constructs an <code>UnsupportedCallbackException</code> with no detail
+   * message.
+   *
+   * @param callback the unrecognized {@link Callback}.
+   */
+  public UnsupportedCallbackException(Callback callback)
+  {
+    super();
+
+    this.callback = callback;
+  }
+
+  /**
+   * Constructs an <code>UnsupportedCallbackException</code> with the specified
+   * detail message. A detail message is a {@link String} that describes this
+   * particular exception.
+   *
+   * @param callback the unrecognized {@link Callback}.
+   * @param msg the detail message.
+   */
+  public UnsupportedCallbackException(Callback callback, String msg)
+  {
+    super(msg);
+
+    this.callback = callback;
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the unrecognized {@link Callback}.
+   *
+   * @return the unrecognized {@link Callback}.
+   */
+  public Callback getCallback()
+  {
+    return this.callback;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/package.html b/libjava/classpath/javax/security/auth/callback/package.html
new file mode 100644
index 00000000000..f927f1c30ed
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.security.auth.callback package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.security.auth.callback</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/javax/security/auth/login/AccountExpiredException.java b/libjava/classpath/javax/security/auth/login/AccountExpiredException.java
new file mode 100644
index 00000000000..74a97a7dd3b
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/AccountExpiredException.java
@@ -0,0 +1,64 @@
+/* AccountExpiredException.java
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals that an attempt was made to login to an account
+ * that has expired.
+ */
+public class AccountExpiredException extends LoginException
+{
+
+  // Constant.
+  // -------------------------------------------------------------------------
+
+  private static final long serialVersionUID = -6064064890162661560L;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  public AccountExpiredException()
+  {
+  }
+
+  public AccountExpiredException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/AppConfigurationEntry.java b/libjava/classpath/javax/security/auth/login/AppConfigurationEntry.java
new file mode 100644
index 00000000000..557d3d7f89f
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/AppConfigurationEntry.java
@@ -0,0 +1,135 @@
+/* AppConfigurationEntry.java
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+public class AppConfigurationEntry
+{
+
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  private final String loginModuleName;
+  private final LoginModuleControlFlag controlFlag;
+  private final Map options;
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  public AppConfigurationEntry (final String loginModuleName,
+                                final LoginModuleControlFlag controlFlag,
+                                final Map options)
+  {
+    if (loginModuleName == null || loginModuleName.length() == 0)
+      throw new IllegalArgumentException ("module name cannot be null nor empty");
+    if (LoginModuleControlFlag.OPTIONAL != controlFlag &&
+        LoginModuleControlFlag.REQUIRED != controlFlag &&
+        LoginModuleControlFlag.REQUISITE != controlFlag &&
+        LoginModuleControlFlag.SUFFICIENT != controlFlag)
+      throw new IllegalArgumentException ("invalid controlFlag");
+    if (options == null)
+      throw new IllegalArgumentException ("options cannot be null");
+    this.loginModuleName = loginModuleName;
+    this.controlFlag = controlFlag;
+    this.options = Collections.unmodifiableMap (new HashMap (options));
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  public LoginModuleControlFlag getControlFlag()
+  {
+    return controlFlag;
+  }
+
+  public String getLoginModuleName()
+  {
+    return loginModuleName;
+  }
+
+  public Map getOptions()
+  {
+    return options;
+  }
+
+// Inner class.
+  // -------------------------------------------------------------------------
+
+  public static class LoginModuleControlFlag
+  {
+
+    // Constants.
+    // -----------------------------------------------------------------------
+
+    public static final LoginModuleControlFlag OPTIONAL = new LoginModuleControlFlag();
+    public static final LoginModuleControlFlag REQUIRED = new LoginModuleControlFlag();
+    public static final LoginModuleControlFlag REQUISITE = new LoginModuleControlFlag();
+    public static final LoginModuleControlFlag SUFFICIENT = new LoginModuleControlFlag();
+
+    // Constructor.
+    // -----------------------------------------------------------------------
+
+    private LoginModuleControlFlag()
+    {
+    }
+
+    // Instance methods.
+    // -----------------------------------------------------------------------
+
+    public String toString()
+    {
+      StringBuffer buf = new StringBuffer (LoginModuleControlFlag.class.getName());
+      buf.append ('.');
+      if (this == OPTIONAL)
+        buf.append ("OPTIONAL");
+      else if (this == REQUIRED)
+        buf.append ("REQUIRED");
+      else if (this == REQUISITE)
+        buf.append ("REQUISITE");
+      else if (this == SUFFICIENT)
+        buf.append ("SUFFICIENT");
+      else
+        buf.append ("HARVEY_THE_RABBIT");
+      return buf.toString();
+    }
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/Configuration.java b/libjava/classpath/javax/security/auth/login/Configuration.java
new file mode 100644
index 00000000000..1e0d272f19e
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/Configuration.java
@@ -0,0 +1,120 @@
+/* Configuration.java
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Security;
+
+import javax.security.auth.AuthPermission;
+
+public abstract class Configuration
+{
+
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  private static Configuration config;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  protected Configuration()
+  {
+  }
+
+  // Class methods.
+  // -------------------------------------------------------------------------
+
+  public static synchronized Configuration getConfiguration()
+  {
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      sm.checkPermission (new AuthPermission ("getLoginConfiguration"));
+    if (config == null)
+      {
+        String conf = (String) AccessController.doPrivileged
+          (new PrivilegedAction()
+            {
+              public Object run()
+              {
+                return Security.getProperty ("login.configuration.provider");
+              }
+            });
+        try
+          {
+            if (conf != null)
+              config = (Configuration) Class.forName (conf).newInstance();
+            else
+              config = new NullConfiguration();
+          }
+        catch (Exception x)
+          {
+            config = new NullConfiguration();
+          }
+      }
+    return config;
+  }
+
+  public static synchronized void setConfiguration (Configuration config)
+  {
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      sm.checkPermission (new AuthPermission ("setLoginConfiguration"));
+    Configuration.config = config;
+  }
+
+  // Abstract methods.
+  // -------------------------------------------------------------------------
+
+  public abstract AppConfigurationEntry[] getAppConfigurationEntry (String applicationName);
+
+  public abstract void refresh();
+
+  // Package-private methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the current configuration, bypassing security checks.
+   */
+  static Configuration getConfig()
+  {
+    return config;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/CredentialExpiredException.java b/libjava/classpath/javax/security/auth/login/CredentialExpiredException.java
new file mode 100644
index 00000000000..03f7ec964a3
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/CredentialExpiredException.java
@@ -0,0 +1,64 @@
+/* CredentialExpiredException.java
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals an attempt to login with a credential that
+ * has expired.
+ */
+public class CredentialExpiredException extends LoginException
+{
+
+  // Constant.
+  // -------------------------------------------------------------------------
+
+  private static final long serialVersionUID = -5344739593859737937L;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  public CredentialExpiredException()
+  {
+  }
+
+  public CredentialExpiredException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/FailedLoginException.java b/libjava/classpath/javax/security/auth/login/FailedLoginException.java
new file mode 100644
index 00000000000..db975fbdd00
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/FailedLoginException.java
@@ -0,0 +1,63 @@
+/* FailedLoginException.java
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals that an attempt to login was unsuccessful.
+ */
+public class FailedLoginException extends LoginException
+{
+
+  // Constant.
+  // -------------------------------------------------------------------------
+
+  private static final long serialVersionUID = 802556922354616286L;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  public FailedLoginException()
+  {
+  }
+
+  public FailedLoginException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/LoginContext.java b/libjava/classpath/javax/security/auth/login/LoginContext.java
new file mode 100644
index 00000000000..8fc2ca75983
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/LoginContext.java
@@ -0,0 +1,253 @@
+/* LoginContext.java
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import gnu.java.security.action.GetSecurityPropertyAction;
+
+import java.security.AccessController;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.spi.LoginModule;
+
+public class LoginContext
+{
+
+  private static final String OTHER = "other";
+
+  private final String name;
+  private final CallbackHandler cbHandler;
+  private final Subject subject;
+  private final AppConfigurationEntry[] entries;
+  private final LoginModule[] modules;
+  private final Map sharedState;
+
+  public LoginContext (final String name) throws LoginException
+  {
+    this (name, new Subject(), defaultHandler());
+  }
+
+  public LoginContext (final String name, final CallbackHandler cbHandler)
+    throws LoginException
+  {
+    this (name, new Subject(), cbHandler);
+  }
+
+  public LoginContext (final String name, final Subject subject)
+    throws LoginException
+  {
+    this (name, subject, defaultHandler());
+  }
+
+  public LoginContext (final String name, final Subject subject,
+                       final CallbackHandler cbHandler)
+    throws LoginException
+  {
+    Configuration config = Configuration.getConfig();
+    AppConfigurationEntry[] entries = config.getAppConfigurationEntry (name);
+    if (entries == null)
+      entries = config.getAppConfigurationEntry (OTHER);
+    if (entries == null)
+      throw new LoginException ("no configured modules for application "
+                                + name);
+    this.entries = entries;
+    modules = new LoginModule[entries.length];
+    sharedState = new HashMap();
+    for (int i = 0; i < entries.length; i++)
+      modules[i] = lookupModule (entries[i], subject, sharedState);
+    this.name = name;
+    this.subject = subject;
+    this.cbHandler = cbHandler;
+  }
+
+  /**
+   * Returns the authenticated subject, or the parameter passed to one
+   * of the constructors. <code>null</code> is returned if the previous
+   * login attempt failed and there was no subject provided.
+   *
+   * @return The subject, or null.
+   */
+  public Subject getSubject()
+  {
+    return subject;
+  }
+
+  /**
+   * Logs a subject in, using all login modules configured for this
+   * application. This method will call the {@link LoginModule#login()}
+   * method of each module configured for this application, stopping
+   * if a REQUISITE module fails or if a SUFFICIENT module succeeds. If
+   * the overall login attempt fails, a {@link LoginException} will be
+   * thrown.
+   *
+   * @throws LoginException If logging in fails.
+   */
+  public void login() throws LoginException
+  {
+    boolean failure = false;
+    for (int i = 0; i < modules.length; i++)
+      {
+        try
+          {
+            boolean result = modules[i].login();
+            if (!result)
+              {
+                if (entries[i].getControlFlag() ==
+                    AppConfigurationEntry.LoginModuleControlFlag.REQUISITE)
+                  throw new LoginException ("REQUISITE module " + entries[i].getLoginModuleName()
+                                            + " failed");
+                else if (entries[i].getControlFlag() ==
+                         AppConfigurationEntry.LoginModuleControlFlag.REQUIRED)
+                  failure = true;
+              }
+            else
+              {
+                if (entries[i].getControlFlag() ==
+                    AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT)
+                  break;
+              }
+          }
+        catch (LoginException le)
+          {
+            if (entries[i].getControlFlag() !=
+                AppConfigurationEntry.LoginModuleControlFlag.REQUISITE)
+              continue;
+            for (int j = 0; j < modules.length; j++)
+              modules[i].abort();
+            throw le;
+          }
+      }
+    if (failure)
+      throw new LoginException ("not all REQUIRED modules succeeded");
+
+    for (int i = 0; i < modules.length; i++)
+      modules[i].commit();
+  }
+
+  /**
+   * Logs a subject out, cleaning up any state that may be in memory.
+   *
+   * @throws LoginException If logging out fails.
+   */
+  public void logout() throws LoginException
+  {
+    for (int i = 0; i < modules.length; i++)
+      modules[i].logout();
+  }
+
+  // Own methods.
+
+  /**
+   * Fetch the default callback handler, based on the
+   * auth.login.defaultCallbackHandler property, or null if it is not
+   * set.
+   */
+  private static CallbackHandler defaultHandler()
+  {
+    GetSecurityPropertyAction act =
+      new GetSecurityPropertyAction ("auth.login.defaultCallbackHandler");
+    String classname = (String) AccessController.doPrivileged (act);
+    if (classname != null)
+      {
+        try
+          {
+            return (CallbackHandler) Class.forName (classname).newInstance();
+          }
+        catch (ClassNotFoundException cnfe)
+          {
+            return null;
+          }
+        catch (ClassCastException cce)
+          {
+            return null;
+          }
+        catch (IllegalAccessException iae)
+          {
+            return null;
+          }
+        catch (InstantiationException ie)
+          {
+            return null;
+          }
+      }
+    return null;
+  }
+
+  private LoginModule lookupModule (AppConfigurationEntry entry,
+                                    Subject subject, Map sharedState)
+    throws LoginException
+  {
+    LoginModule module = null;
+    Exception cause = null;
+    try
+      {
+        module = (LoginModule) Class.forName (entry.getLoginModuleName()).newInstance();
+      }
+    catch (ClassNotFoundException cnfe)
+      {
+        cause = cnfe;
+      }
+    catch (ClassCastException cce)
+      {
+        cause = cce;
+      }
+    catch (IllegalAccessException iae)
+      {
+        cause = iae;
+      }
+    catch (InstantiationException ie)
+      {
+        cause = ie;
+      }
+
+    if (cause != null)
+      {
+        LoginException le = new LoginException ("could not load module "
+                                                + entry.getLoginModuleName());
+        le.initCause (cause);
+        throw le;
+      }
+
+    module.initialize (subject, cbHandler, sharedState, entry.getOptions());
+    return module;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/LoginException.java b/libjava/classpath/javax/security/auth/login/LoginException.java
new file mode 100644
index 00000000000..46ec33aed51
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/LoginException.java
@@ -0,0 +1,65 @@
+/* LoginException.java
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * A general exception during authentication and authorization.
+ */
+public class LoginException extends GeneralSecurityException
+{
+
+  // Constant.
+  // -------------------------------------------------------------------------
+
+  private static final long serialVersionUID = -4679091624035232488L;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  public LoginException()
+  {
+  }
+
+  public LoginException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/NullConfiguration.java b/libjava/classpath/javax/security/auth/login/NullConfiguration.java
new file mode 100644
index 00000000000..a3f0c994330
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/NullConfiguration.java
@@ -0,0 +1,62 @@
+/* NullConfiguration.java -- no-op default login configuration.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+final class NullConfiguration extends Configuration
+{
+
+  // Contructor.
+  // -------------------------------------------------------------------------
+
+  NullConfiguration()
+  {
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  public AppConfigurationEntry[] getAppConfigurationEntry (String applicationName)
+  {
+    return null;
+  }
+
+  public void refresh()
+  {
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/package.html b/libjava/classpath/javax/security/auth/login/package.html
new file mode 100644
index 00000000000..dcb7710cc21
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.security.auth.login package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.security.auth.login</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/javax/security/auth/package.html b/libjava/classpath/javax/security/auth/package.html
new file mode 100644
index 00000000000..9888552c944
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.security.auth package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.security.auth</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/javax/security/auth/spi/LoginModule.java b/libjava/classpath/javax/security/auth/spi/LoginModule.java
new file mode 100644
index 00000000000..00b33c517e4
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/spi/LoginModule.java
@@ -0,0 +1,122 @@
+/* LoginModule.java -- interface for login implementations.
+   Copyright (C) 2004  Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.spi;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+/**
+ * The base interface for login methods in the Java Authentication and
+ * Authorization Service (JAAS).
+ *
+ * <p>This interface is used by service providers that implement login
+ * services, and is used internally by the JAAS system. It is not useful
+ * to application programmers, who should use the {@link
+ * javax.security.auth.login.LoginContext} instead.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public interface LoginModule
+{
+  /**
+   * Abort the current login attempt. This is called after {@link #login()}
+   * if the overall login attempt fails (that is, if one of the other login
+   * modules that is REQUIRED or REQUISITE fails). This method should clean
+   * up this module's saved state, if any.
+   *
+   * @return True if the abort succeeded, or false if this module should
+   * be ignored.
+   * @throws LoginException If the abort fails.
+   */
+  boolean abort() throws LoginException;
+
+  /**
+   * Commit the current login attempt. This is called after {@link
+   * #login()} if the overall login attempt succeeds (that is, all
+   * methods have satisfied all REQUIRED, REQUISITE, SUFFICIENT and
+   * OPTIONAL module requirements).
+   *
+   * @return True if the commit succeeded, or false if this module
+   * should be ignored.
+   * @throws LoginException If the commit fails.
+   */
+  boolean commit() throws LoginException;
+
+  /**
+   * Initializes this login module. This method is called when the
+   * instance implementing this interface is instantiated, and should
+   * perform any initialization based on the given parameters.
+   * Implementations should ignore state variables and options they do
+   * not recognize.
+   *
+   * @param subject The subject being authenticated.
+   * @param handler The callback handler for user input.
+   * @param sharedState A mapping that is shared between all login
+   * modules.
+   * @param options A mapping of options given to this module.
+   */
+  void initialize(Subject subject, CallbackHandler handler,
+                  Map sharedState, Map options);
+
+  /**
+   * Authenticates a subject to the system. This is the primary
+   * mechanism by which subjects are authenticated, and typically
+   * implementations will ask for credentials (for example, a user
+   * name and password) which will then be verified.
+   *
+   * @return True if the subject was authenticated, or false if this
+   * module should be ignored.
+   * @throws LoginException If this method fails.
+   */
+  boolean login() throws LoginException;
+
+  /**
+   * Logs a subject out. This is primarily used for modules that must
+   * destroy or remove the authentication state associated with a
+   * logged-in subject.
+   *
+   * @return True if the logout succeeds, or false if this module
+   * should be ignored.
+   * @throws LoginException If this method fails.
+   */
+  boolean logout() throws LoginException;
+}
diff --git a/libjava/classpath/javax/security/auth/spi/package.html b/libjava/classpath/javax/security/auth/spi/package.html
new file mode 100644
index 00000000000..9f3de395e92
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/spi/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.security.auth.spi package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.security.auth.spi</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/javax/security/auth/x500/X500Principal.java b/libjava/classpath/javax/security/auth/x500/X500Principal.java
new file mode 100644
index 00000000000..31f870d2650
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/x500/X500Principal.java
@@ -0,0 +1,530 @@
+/* X500Principal.java -- X.500 principal.
+   Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.x500;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+import java.io.ByteArrayInputStream;
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.NotActiveException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Reader;
+import java.io.Serializable;
+import java.io.StringReader;
+
+import java.security.Principal;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Set;
+
+public final class X500Principal implements Principal, Serializable
+{
+  private static final long serialVersionUID = -500463348111345721L;
+
+  // Constants and fields.
+  // ------------------------------------------------------------------------
+
+  public static final String CANONICAL = "CANONICAL";
+  public static final String RFC1779 = "RFC1779";
+  public static final String RFC2253 = "RFC2253";
+
+  private static final OID CN         = new OID("2.5.4.3");
+  private static final OID C          = new OID("2.5.4.6");
+  private static final OID L          = new OID("2.5.4.7");
+  private static final OID ST         = new OID("2.5.4.8");
+  private static final OID STREET     = new OID("2.5.4.9");
+  private static final OID O          = new OID("2.5.4.10");
+  private static final OID OU         = new OID("2.5.4.11");
+  private static final OID DC         = new OID("0.9.2342.19200300.100.1.25");
+  private static final OID UID        = new OID("0.9.2342.19200300.100.1.1");
+
+  private transient List components;
+  private transient Map currentRdn;
+  private transient boolean fixed;
+  private transient byte[] encoded;
+
+  // Constructors.
+  // ------------------------------------------------------------------------
+
+  private X500Principal()
+  {
+    components = new LinkedList();
+    currentRdn = new LinkedHashMap();
+    components.add (currentRdn);
+  }
+
+  public X500Principal (String name)
+  {
+    this();
+    if (name == null)
+      throw new NullPointerException();
+    try
+      {
+        parseString (name);
+      }
+    catch (IOException ioe)
+      {
+        IllegalArgumentException iae = new IllegalArgumentException("malformed name");
+        iae.initCause (ioe);
+        throw iae;
+      }
+  }
+
+  public X500Principal (byte[] encoded)
+  {
+    this(new ByteArrayInputStream (encoded));
+  }
+
+  public X500Principal (InputStream encoded)
+  {
+    this();
+    try
+      {
+        parseDer (encoded);
+      }
+    catch (IOException ioe)
+      {
+        throw new IllegalArgumentException (ioe.toString());
+      }
+  }
+
+  // Instance methods.
+  // ------------------------------------------------------------------------
+
+  public boolean equals(Object o)
+  {
+    if (!(o instanceof X500Principal))
+      return false;
+    if (size() != ((X500Principal) o).size())
+      return false;
+    for (int i = 0; i < size(); i++)
+      {
+        Map m = (Map) components.get (i);
+        for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
+          {
+            Map.Entry e = (Map.Entry) it2.next();
+            OID oid = (OID) e.getKey();
+            String v1 = (String) e.getValue();
+            String v2 = ((X500Principal) o).getComponent (oid, i);
+            if (v2 == null)
+              return false;
+            if (!compressWS (v1).equalsIgnoreCase (compressWS (v2)))
+              return false;
+          }
+      }
+    return true;
+  }
+
+  public byte[] getEncoded()
+  {
+    if (encoded == null)
+      encodeDer();
+    return (byte[]) encoded.clone();
+  }
+
+  public String getName()
+  {
+    return getName (RFC2253);
+  }
+
+  public String getName (final String format)
+  {
+    boolean rfc2253 = RFC2253.equalsIgnoreCase (format) ||
+      CANONICAL.equalsIgnoreCase (format);
+    boolean rfc1779 = RFC1779.equalsIgnoreCase (format);
+    boolean canon   = CANONICAL.equalsIgnoreCase (format);
+    if (! (rfc2253 || rfc1779 || canon))
+      throw new IllegalArgumentException ("unsupported format " + format);
+    StringBuffer str = new StringBuffer();
+    for (Iterator it = components.iterator(); it.hasNext(); )
+      {
+        Map m = (Map) it.next();
+        for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
+          {
+            Map.Entry entry = (Map.Entry) it2.next();
+            OID oid = (OID) entry.getKey();
+            String value = (String) entry.getValue();
+            if (oid.equals (CN))
+              str.append ("CN");
+            else if (oid.equals (C))
+              str.append ("C");
+            else if (oid.equals (L))
+              str.append ("L");
+            else if (oid.equals (ST))
+              str.append ("ST");
+            else if (oid.equals (STREET))
+              str.append ("STREET");
+            else if (oid.equals (O))
+              str.append ("O");
+            else if (oid.equals (OU))
+              str.append ("OU");
+            else if (oid.equals (DC) && rfc2253)
+              str.append ("DC");
+            else if (oid.equals ("UID") && rfc2253)
+              str.append ("UID");
+            else
+              str.append (oid.toString());
+            str.append('=');
+            str.append(value);
+            if (it2.hasNext())
+              str.append('+');
+          }
+        if (it.hasNext())
+          str.append(',');
+      }
+    if (canon)
+      return str.toString().toUpperCase (Locale.US).toLowerCase (Locale.US);
+    return str.toString();
+  }
+
+  public String toString()
+  {
+    return getName (RFC2253);
+  }
+
+  // Serialization methods.
+  // ------------------------------------------------------------------------
+
+  private void writeObject (ObjectOutputStream out) throws IOException
+  {
+    if (encoded != null)
+      encodeDer();
+    out.writeObject (encoded);
+  }
+
+  private void readObject (ObjectInputStream in)
+    throws IOException, NotActiveException, ClassNotFoundException
+  {
+    byte[] buf = (byte[]) in.readObject();
+    parseDer (new ByteArrayInputStream (buf));
+  }
+
+  // Own methods.
+  // -------------------------------------------------------------------------
+
+  private int size()
+  {
+    return components.size();
+  }
+
+  private String getComponent(OID oid, int rdn)
+  {
+    if (rdn >= size())
+      return null;
+    return (String) ((Map) components.get (rdn)).get (oid);
+  }
+
+  private void encodeDer()
+  {
+    ArrayList name = new ArrayList(components.size());
+    for (Iterator it = components.iterator(); it.hasNext(); )
+      {
+        Map m = (Map) it.next();
+        if (m.isEmpty())
+          continue;
+        Set rdn = new HashSet();
+        for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
+          {
+            Map.Entry e = (Map.Entry) it.next();
+            ArrayList atav = new ArrayList(2);
+            atav.add(new DERValue(DER.OBJECT_IDENTIFIER, e.getKey()));
+            atav.add(new DERValue(DER.UTF8_STRING, e.getValue()));
+            rdn.add(new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, atav));
+          }
+        name.add(new DERValue(DER.SET|DER.CONSTRUCTED, rdn));
+      }
+    DERValue val = new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, name);
+    encoded = val.getEncoded();
+  }
+
+  private int sep;
+
+  private void parseString(String str) throws IOException
+  {
+    Reader in = new StringReader(str);
+    while (true)
+      {
+        String key = readAttributeType(in);
+        if (key == null)
+          break;
+        String value = readAttributeValue(in);
+        putComponent(key, value);
+        if (sep == ',')
+          newRelativeDistinguishedName();
+      }
+  }
+
+  private String readAttributeType(Reader in) throws IOException
+  {
+    StringBuffer buf = new StringBuffer();
+    int ch;
+    while ((ch = in.read()) != '=')
+      {
+        if (ch == -1)
+          {
+            if (buf.length() > 0)
+              throw new EOFException();
+            return null;
+          }
+        if (ch > 127)
+          throw new IOException("Invalid char: " + (char) ch);
+        if (Character.isLetterOrDigit((char) ch) || ch == '-' || ch == '.')
+          buf.append((char) ch);
+        else
+          throw new IOException("Invalid char: " + (char) ch);
+      }
+    return buf.toString();
+  }
+
+  private String readAttributeValue(Reader in) throws IOException
+  {
+    StringBuffer buf = new StringBuffer();
+    int ch = in.read();
+    if (ch == '#')
+      {
+        while (true)
+          {
+            ch = in.read();
+            if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+                || Character.isDigit((char) ch))
+              buf.append((char) ch);
+            else if (ch == '+' || ch == ',')
+              {
+                sep = ch;
+                String hex = buf.toString();
+                return new String(toByteArray(hex));
+              }
+            else
+              throw new IOException("illegal character: " + (char) ch);
+          }
+      }
+    else if (ch == '"')
+      {
+        while (true)
+          {
+            ch = in.read();
+            if (ch == '"')
+              break;
+            else if (ch == '\\')
+              {
+                ch = in.read();
+                if (ch == -1)
+                  throw new EOFException();
+                if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+                    || Character.isDigit((char) ch))
+                  {
+                    int i = Character.digit((char) ch, 16) << 4;
+                    ch = in.read();
+                    if (!(('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+                          || Character.isDigit((char) ch)))
+                      throw new IOException("illegal hex char");
+                    i |= Character.digit((char) ch, 16);
+                    buf.append((char) i);
+                  }
+                else
+                  buf.append((char) ch);
+              }
+            else
+              buf.append((char) ch);
+          }
+        sep = in.read();
+        if (sep != '+' || sep != ',')
+          throw new IOException("illegal character: " + (char) ch);
+        return buf.toString();
+      }
+    else
+      {
+        while (true)
+          {
+            switch (ch)
+              {
+              case '+':
+              case ',':
+                sep = ch;
+                return buf.toString();
+              case '\\':
+                ch = in.read();
+                if (ch == -1)
+                  throw new EOFException();
+                if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+                    || Character.isDigit((char) ch))
+                  {
+                    int i = Character.digit((char) ch, 16) << 4;
+                    ch = in.read();
+                    if (!(('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+                          || Character.isDigit((char) ch)))
+                      throw new IOException("illegal hex char");
+                    i |= Character.digit((char) ch, 16);
+                    buf.append((char) i);
+                  }
+                else
+                  buf.append((char) ch);
+                break;
+              case '=':
+              case '<':
+              case '>':
+              case '#':
+              case ';':
+                throw new IOException("illegal character: " + (char) ch);
+              case -1:
+                throw new EOFException();
+              default:
+                buf.append((char) ch);
+              }
+          }
+      }
+  }
+
+  private void parseDer (InputStream encoded) throws IOException
+  {
+    DERReader der = new DERReader (encoded);
+    DERValue name = der.read();
+    if (!name.isConstructed())
+      throw new IOException ("malformed Name");
+    this.encoded = name.getEncoded();
+    int len = 0;
+    while (len < name.getLength())
+      {
+        DERValue rdn = der.read();
+        if (!rdn.isConstructed())
+          throw new IOException ("badly formed RDNSequence");
+        int len2 = 0;
+        while (len2 < rdn.getLength())
+          {
+            DERValue atav = der.read();
+            if (!atav.isConstructed())
+              throw new IOException ("badly formed AttributeTypeAndValue");
+            DERValue val = der.read();
+            if (val.getTag() != DER.OBJECT_IDENTIFIER)
+              throw new IOException ("badly formed AttributeTypeAndValue");
+            OID oid = (OID) val.getValue();
+            val = der.read();
+            if (!(val.getValue() instanceof String))
+              throw new IOException ("badly formed AttributeTypeAndValue");
+            String value = (String) val.getValue();
+            putComponent(oid, value);
+            len2 += atav.getEncodedLength();
+          }
+        len += rdn.getEncodedLength();
+        if (len < name.getLength())
+          newRelativeDistinguishedName();
+      }
+  }
+
+  private void newRelativeDistinguishedName()
+  {
+    currentRdn = new LinkedHashMap();
+    components.add(currentRdn);
+  }
+
+  private void putComponent(OID oid, String value)
+  {
+    currentRdn.put(oid, value);
+  }
+
+  private void putComponent(String name, String value)
+  {
+    name = name.trim().toLowerCase();
+    if (name.equals("cn"))
+      putComponent(CN, value);
+    else if (name.equals("c"))
+      putComponent(C, value);
+    else if (name.equals("l"))
+      putComponent(L, value);
+    else if (name.equals("street"))
+      putComponent(STREET, value);
+    else if (name.equals("st"))
+      putComponent(ST, value);
+    else if (name.equals("dc"))
+      putComponent(DC, value);
+    else if (name.equals("uid"))
+      putComponent(UID, value);
+    else
+      putComponent(new OID(name), value);
+  }
+
+  private static String compressWS(String str)
+  {
+    StringBuffer buf = new StringBuffer();
+    char lastChar = 0;
+    for (int i = 0; i < str.length(); i++)
+      {
+        char c = str.charAt(i);
+        if (Character.isWhitespace(c))
+          {
+            if (!Character.isWhitespace(lastChar))
+              buf.append(' ');
+          }
+        else
+          buf.append(c);
+        lastChar = c;
+      }
+    return buf.toString().trim();
+  }
+
+  private static byte[] toByteArray (String str)
+  {
+    int limit = str.length();
+    byte[] result = new byte[((limit + 1) / 2)];
+    int i = 0, j = 0;
+    if ((limit % 2) == 1)
+      {
+        result[j++] = (byte) Character.digit (str.charAt(i++), 16);
+      }
+    while (i < limit)
+      {
+        result[j  ]  = (byte) (Character.digit (str.charAt(i++), 16) << 4);
+        result[j++] |= (byte)  Character.digit (str.charAt(i++), 16);
+      }
+    return result;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/x500/X500PrivateCredential.java b/libjava/classpath/javax/security/auth/x500/X500PrivateCredential.java
new file mode 100644
index 00000000000..8cba93c6f77
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/x500/X500PrivateCredential.java
@@ -0,0 +1,149 @@
+/* X500PrivateCredential.java -- certificate and private key pair.
+   Copyright (C) 2003, 2004  Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.x500;
+
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.Destroyable;
+
+/**
+ * A pairing of a {@link X509Certificate} and its corresponding {@link
+ * PrivateKey}, with an optional keystore alias.
+ */
+public final class X500PrivateCredential implements Destroyable
+{
+
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  private PrivateKey key;
+  private X509Certificate certificate;
+  private String alias;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Creates a new private credential with no associated keystore alias.
+   *
+   * @param certificate The X.509 certificate.
+   * @param key The private key.
+   * @throws IllegalArgumentException If either parameter is null.
+   */
+  public X500PrivateCredential (X509Certificate certificate, PrivateKey key)
+  {
+    if (certificate == null || key == null)
+      throw new IllegalArgumentException();
+    this.certificate = certificate;
+    this.key = key;
+  }
+
+  /**
+   * Creates a new private credential with a keystore alias.
+   *
+   * @param certificate The X.509 certificate.
+   * @param key The private key.
+   * @param alias The keystore alias for this credential.
+   * @throws IllegalArgumentException If any parameter is null.
+   */
+  public X500PrivateCredential (X509Certificate certificate, PrivateKey key,
+                                String alias)
+  {
+    this (certificate, key);
+    if (alias == null)
+      throw new IllegalArgumentException();
+    this.alias = alias;
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Returns the certificate of this credential.
+   *
+   * @return The certificate of this credential.
+   */
+  public X509Certificate getCertificate()
+  {
+    return certificate;
+  }
+
+  /**
+   * Returns the private key of this credential.
+   *
+   * @return The private key of this credential.
+   */
+  public PrivateKey getPrivateKey()
+  {
+    return key;
+  }
+
+  /**
+   * Returns the keystore alias of this credential, or null if not present.
+   *
+   * @return The keystore alias, or null.
+   */
+  public String getAlias()
+  {
+    return alias;
+  }
+
+  /**
+   * Destroy the sensitive data of this credential, setting the certificate,
+   * private key, and keystore alias to null.
+   */
+  public void destroy()
+  {
+    certificate = null;
+    key = null;
+    alias = null;
+  }
+
+  /**
+   * Tells whether or not this credential has been destroyed, and that
+   * the certificate and private key fields are null.
+   *
+   * @return True if this object has been destroyed.
+   */
+  public boolean isDestroyed()
+  {
+    return certificate == null && key == null;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/x500/package.html b/libjava/classpath/javax/security/auth/x500/package.html
new file mode 100644
index 00000000000..449be814fa8
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/x500/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.security.auth.x500 package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.security.auth.x500</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>