You can configure the Liberty
application client container to use a custom Java™
Authentication and Authorization Service (JAAS) login module.
Before you begin
Make sure that you have a JAR file that contains the JAAS
custom login module, which implements the
javax.security.auth.spi.LoginModule interface.
About this task
You can use a custom login module to either make additional
authentication decisions or add information to the subject to make
finer-grained authorization decisions inside your application. To
configure a JAAS custom login module, complete the following steps.
Procedure
- Add the appSecurityClient-1.0 feature
to your client.xml file.
<feature>appSecurityClient-1.0</feature>
- Create a class com.sample.CustomLoginModule that
implements the LoginModule interface and package
it into the CustomLoginModule.jar file.
- Create a <library> element that
uses a <fileset> element that indicates where
the CustomLoginModule.jar file is. In this example,
the file is in the client's configuration directory, and the library
id is customLoginLib.
<library id="customLoginLib">
<fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/>
</library>
- Create a <jaasLoginModule> element.
In this example, the id is myCustom.
  - Configure the custom login module to require a successful
  authentication by setting the controlFlag attribute
  to REQUIRED.
  - Set the libraryRef attribute to customLoginLib,
  the id of the <library> element that is configured
  in the previous step.
<jaasLoginModule id="myCustom" className="com.sample.CustomLoginModule" controlFlag="REQUIRED" libraryRef="customLoginLib"/>
- Create a <jaasLoginContextEntry> element
with the id and name of the system-defined JAAS configuration on the
application client container: ClientContainer. You
can also set this JAAS configuration to WSLogin,
or your own JAAS configuration. In the loginModuleRef attribute,
add proxy, the id for the proxy
login module and myCustom, the id of the jaasLoginModule element
that is created in the previous step.
<jaasLoginContextEntry id="ClientContainer" name="ClientContainer"
loginModuleRef="proxy, myCustom"/>
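The following sketch of the com.sample.CustomLoginModule class from the second step is an added example, not code from the product documentation. It adds one principal to the subject and does so only in commit(), so nothing is attached when the overall login fails. Assumptions: the SamplePrincipal type and the sample-attr: prefix are hypothetical, and the callback handler that the container supplies is assumed to answer a NameCallback.

```java
package com.sample;

import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class CustomLoginModule implements LoginModule {
    // Hypothetical principal type: the extra information added to the subject.
    public static final class SamplePrincipal implements Principal {
        private final String name;
        SamplePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    private Subject subject;
    private CallbackHandler handler;
    private Principal pending;    // chosen in login(), not yet on the subject
    private Principal committed;  // on the subject; removed by abort()/logout()

    @Override public void initialize(Subject subject, CallbackHandler handler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject; this.handler = handler;
    }
    @Override public boolean login() throws LoginException {
        // With controlFlag="REQUIRED", an exception here fails the whole login.
        if (handler == null) throw new LoginException("no CallbackHandler");
        NameCallback nc = new NameCallback("user: ");
        try {
            handler.handle(new Callback[] { nc });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback failed: " + e.getMessage());
        }
        String user = nc.getName();
        if (user == null || user.isEmpty()) throw new LoginException("empty user name");
        pending = new SamplePrincipal("sample-attr:" + user);
        return true;
    }
    @Override public boolean commit() {
        if (pending == null) return false;     // login() failed: ignore this module
        subject.getPrincipals().add(pending);  // attach only after overall success
        committed = pending; pending = null;
        return true;
    }
    @Override public boolean abort() { pending = null; return logout(); }
    @Override public boolean logout() {
        if (committed != null) subject.getPrincipals().remove(committed);
        committed = null; return true;
    }
}
```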