To authenticate your component, you must first create a LoginModule class for the systems your component accesses. Creation and use of LoginModule classes is described in the Sun Microsystems LoginModule Developer's Guide and the JAAS Authentication Tutorial.
The FileNet P8 Platform already provides working samples of these classes for the Process and Content Engines. Both of the FileNet-supplied LoginModule classes are designed to read entries from login configuration files, as described in com.sun.security.auth.login.ConfigFile.html. The JAAS Login Configuration File that the CE_Operations component uses is named taskman.login.config, and this file is installed in one of the following directories:
- <FileNet Installation Directory>/Workplace/WEB-INF/lib (on your Application Engine server).
- <FileNet Installation Directory>/IDM/pwbin (on your FileNet web server).
Your taskman.login.config file must contain a LoginContext section for each login configuration context that your LoginModule will use. For the CE_Operations component, this is done automatically with your installation, so there is already a LoginContext named "CELogin" in the taskman.login.config file, which identifies and locates the program module or modules that are used for logins, as follows:
    CELogin
    {
        filenet.vw.server.VWLoginModule required routerurl="localhost:32771/vwrouter";
        com.filenet.wcm.toolkit.server.operations.util.CELoginModule required credTag=Clear;
    };

Notes
- The login configuration context value "CELogin" would need to be entered in the JAAS credentials section of the Add Component Queue Wizard.
- For additional detail on the structure and parts of a JAAS Login Configuration File entry, refer to the JAAS Login Configuration File topic in the Sun Microsystems security tutorial.
- The LoginModules in the above login configuration context are the VWLoginModule for the Process Engine (first line) and the CELoginModule for the Content Engine (second line).
- The "required" argument on each line is a flag specifying that VWLoginModule and CELoginModule will succeed only if the name and password supplied by the user (in the JAAS credentials section of the Add Component Queue Wizard) are the ones the LoginModules expect.
- The "routerurl" entry must match the Process Router specified for your Router site preferences.
- The "credTag=Clear" key-value LoginModule option argument for the CELoginModule is a session credential option defined in the CELoginModule class. For information on allowable session credential options, refer to the description of credential fields in the Content Java API Javadocs for the Session Object.

For general information on LoginModules and login configuration (login.config) files, you may refer to the following documents:
- The Sun Microsystems abstract class Configuration Javadoc, which provides additional information on the standard flags that control the overall authentication behavior.
- The Sun Microsystems documentation on Example Login Configurations, which provides information on JAAS authentication and a complete example of another JAAS login configuration (login.config) file.
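
To confirm that a login configuration file parses and that a context such as "CELogin" names the modules, flags and options you expect, the standard JAAS Configuration API can read the file directly. The following is an added example, not FileNet code: the class name CheckLoginConfig and its command-line arguments are assumptions, and the embedded sample is a constructed copy of the CELogin entry shown above.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.URIParameter;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class CheckLoginConfig {
    // Constructed copy of the CELogin entry from this page, used when no file is given.
    static final String SAMPLE = String.join("\n",
        "CELogin",
        "{",
        "  filenet.vw.server.VWLoginModule required routerurl=\"localhost:32771/vwrouter\";",
        "  com.filenet.wcm.toolkit.server.operations.util.CELoginModule required credTag=Clear;",
        "};", "");

    public static void main(String[] args) throws Exception {
        // args (hypothetical): [path to taskman.login.config] [context name] [expected routerurl]
        Path file;
        if (args.length > 0) {
            file = Path.of(args[0]);
        } else {
            file = Files.createTempFile("taskman", ".login.config");
            Files.writeString(file, SAMPLE);
        }
        String context = args.length > 1 ? args[1] : "CELogin";
        String expectedRouter = args.length > 2 ? args[2] : "localhost:32771/vwrouter";

        // "JavaLoginConfig" is the JDK's parser for this file format; it only
        // parses the entries and does not load the LoginModule classes.
        Configuration cfg = Configuration.getInstance("JavaLoginConfig", new URIParameter(file.toUri()));
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(context);
        if (entries == null) {
            System.err.println("No login context named \"" + context + "\" in " + file);
            System.exit(1);
        }
        for (AppConfigurationEntry e : entries) {
            System.out.println(e.getLoginModuleName() + " [" + e.getControlFlag() + "]");
            for (Map.Entry<String, ?> opt : e.getOptions().entrySet()) {
                System.out.println("    " + opt.getKey() + " = " + opt.getValue());
            }
            if (e.getControlFlag() != LoginModuleControlFlag.REQUIRED) {
                System.out.println("    WARNING: flag is not \"required\"");
            }
            Object router = e.getOptions().get("routerurl");
            if (router != null && !router.equals(expectedRouter)) {
                System.out.println("    WARNING: routerurl differs from expected " + expectedRouter);
            }
        }
    }
}
```

Because the file is only parsed, the check runs without the FileNet JARs on the classpath; it requires Java 11 or later.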