You can develop a JASPIC provider to authenticate inbound web requests by using the
com.ibm.wsspi.security.jaspi.ProviderService interface that is provided in the Liberty server.
About this task
The Java™ Authentication SPI for Containers specification,
JSR 196, defines an interface for authentication providers. In the Liberty server, you must package your JASPIC
provider as a user feature. Your feature must implement the
com.ibm.wsspi.security.jaspi.ProviderService interface.
Procedure
- Create an OSGi component that provides a service that implements
the com.ibm.wsspi.security.jaspi.ProviderService interface.
The ProviderService interface defines method,
getAuthConfigProvider, which the Liberty run time invokes to retrieve an instance
of your JASPIC provider class that implements the
javax.security.auth.message.config.AuthConfigProvider interface.
The
following example uses OSGi declarative services annotations:
@package com.mycompany.jaspi;
import java.util.Map;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import org.osgi.service.component.ComponentContext;
import com.mycompany.jaspi.SampleAuthConfigProvider;
import com.ibm.wsspi.security.jaspi.ProviderService;
@Component(service = { ProviderService.class },
configurationPolicy = ConfigurationPolicy.IGNORE,
immediate = true,
property = { "myPoviderPoperty1=value1",
"myPoviderPoperty2=value2"})
public class SampleJaspiProviderService implements ProviderService {
Map<String, String> configProps = null;
// This method called by the Liberty runtime
// to get an instance of AuthConfigProvider
@Override
public AuthConfigProvider getAuthConfigProvider(Map<String, String>,
AuthConfigFactory factory)
{
return new SampleAuthConfigProvider(configProps, factory);
}
protected void activate(ComponentContext cc) {
// Read provider config properties here if needed,
// then pass them to the AuthConfigProvider factory.
// This example reads the properties from the OSGi
// component definition.
configProps = (Map<String, String>) cc.getProperties();
}
protected void deactivate(ComponentContext cc) {}
}
- Package the component into an OSGi bundle that is part
of your user feature, along with your JASPIC authentication provider.
- Ensure that your feature includes the OSGi subsystem content: com.ibm.websphere.appserver.jaspic-1.1;
type="osgi.subsystem.feature".
- After the feature is installed into the user product extension
location, configure the server.xml file with
the feature name. For example:
<featureManager>
...
<feature>usr:myJaspiProvider</feature>
</featureManager>