Please review the code changes at http://cr.openjdk.java.net/~weijun/8047789/webrev.03/
LoginContext is updated to use ServiceLoader to load configured LoginModules, and fallback to reflection if it cannot find one. Please notice that the fix does not include configuration of existing LoginModules since the current jdk9/dev module system does not support multiple modules implementing the same interface. Suppose it does, these 2 extra files will do the configuration: src/jdk.security.auth/META-INF/services/javax.security.auth.spi.LoginModule com.sun.security.auth.module.Krb5LoginModule com.sun.security.auth.module.UnixLoginModule com.sun.security.auth.module.JndiLoginModule com.sun.security.auth.module.KeyStoreLoginModule com.sun.security.auth.module.LdapLoginModule com.sun.security.auth.module.NTLoginModule src/java.management/META-INF/services/javax.security.auth.spi.LoginModule com.sun.jmx.remote.security.FileLoginModule I am hearing that jigsaw will provide a new way for service configuration. Compatibility issue: Before this code change, any class that includes the necessary methods (initialize, login, logout, abort, commit) can be configured as a login module, which does not necessarily implement the LoginModule interface itself. After this code change, it must implement the interface. We might need to update the JAAS programming guide in Java SE documentation to describe the new loading mechanism. Thanks Max