You can develop a JASPIC provider to authenticate inbound
web requests by using the com.ibm.wsspi.security.jaspi.ProviderService interface
that is provided in the Liberty server.
About this task
The Java™ Authentication
SPI for Containers specification, JSR
196, defines an interface for authentication providers. In
the Liberty server, you must package your JASPIC provider
as a user feature. Your feature must implement the com.ibm.wsspi.security.jaspi.ProviderService interface.
Procedure
- Create an OSGi component that provides a service that implements
the com.ibm.wsspi.security.jaspi.ProviderService interface.
The ProviderService interface defines method, getAuthConfigProvider,
which the Liberty run time invokes to retrieve an instance
of your JASPIC provider class that implements the javax.security.auth.message.config.AuthConfigProvider interface.
The
following example uses OSGi declarative services annotations:
@package com.mycompany.jaspi;
import java.util.Map;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import org.osgi.service.component.ComponentContext;
import com.mycompany.jaspi.SampleAuthConfigProvider;
import com.ibm.wsspi.security.jaspi.ProviderService;
@Component(service = { ProviderService.class },
configurationPolicy = ConfigurationPolicy.IGNORE,
immediate = true,
property = { "myPoviderPoperty1=value1",
"myPoviderPoperty2=value2"})
public class SampleJaspiProviderService implements ProviderService {
Map<String, String> configProps = null;
// This method called by the Liberty runtime
// to get an instance of AuthConfigProvider
@Override
public AuthConfigProvider getAuthConfigProvider(Map<String, String>,
AuthConfigFactory factory)
{
return new SampleAuthConfigProvider(configProps, factory);
}
protected void activate(ComponentContext cc) {
// Read provider config properties here if needed,
// then pass them to the AuthConfigProvider factory.
// This example reads the properties from the OSGi
// component definition.
configProps = (Map<String, String>) cc.getProperties();
}
protected void deactivate(ComponentContext cc) {}
}
- Package the component into an OSGi bundle that is part
of your user feature, along with your JASPIC authentication provider.
- Ensure that your feature includes the OSGi subsystem content: com.ibm.websphere.appserver.jaspic-1.1;
type="osgi.subsystem.feature".
- After the feature is installed into the user product extension
location, configure the server.xml file with
the feature name. For example:
<featureManager>
...
<feature>usr:myJaspiProvider</feature>
</featureManager>