Developing extensions to the Liberty security infrastructure
The Liberty server provides various plug-in points so that you can extend the security infrastructure.
Subtopics
- Developing a custom TAI for Liberty
You can develop a custom trust association interceptor (TAI) class by implementing the com.ibm.wsspi.security.tai.TrustAssociationInterceptor interface provided in the Liberty server. Customizing user registries or repositories for Liberty
User registries and repositories perform security-related functions, including authentication and authorization. You can define either a custom user registry or a custom user repository by implementing the Liberty service programming interfaces (SPIs).- Developing JAAS custom login modules for a system login configuration
For a Liberty server, multiple Java™ Authentication and Authorization Service (JAAS) plug-in points exist for configuring system logins. Liberty uses system login configurations to authenticate incoming requests. You can develop a custom JAAS login module to add information to the Subject of a system login configuration. - Developing a custom JASPIC authentication provider for Liberty
You can develop a custom Java Authentication SPI for Containers (JASPIC) authentication provider by creating classes that implement the required interfaces noted in the JSR 196: Java Authentication Service Provider Interface for Containers specification. - Developing a Java Authorization Contract for Containers (JACC) Authorization Provider
You can develop a JACC provider to have custom authorization decisions for Java Platform, Enterprise Edition (J2EE) applications by implementing the com.ibm.wsspi.security.authorization.jacc.ProviderService interface that is provided in the Liberty server. - Developing a customPasswordEncryption Provider
You can develop a customPasswordEncryption provider to have custom authorization decisions for Java Platform, Enterprise Edition (J2EE) applications by implementing the com.ibm.wsspi.security.crypto.CustomPasswordEncryption interface that is provided in the Liberty server. - Customizing an application login to perform an identity assertion by using JAAS
You can use the Java Authentication and Authorization Service (JAAS) login framework to create a JAAS login configuration that can be used to perform login to an identity assertion on Liberty. - Developing JAAS custom login modules for database authentication
You can develop a Java Authentication and Authorization Service (JAAS) custom login module for adding a user name and password to authenticate to a database. - Developing a programmatic login for obtaining authentication data
You can use the Java Authentication and Authorization Service (JAAS) login framework to obtain the authentication data from your application. - Developing a custom thread identity service
You can develop a custom thread identity service class by implementing the com.ibm.wsspi.kernel.security.thread.ThreadIdentityService interface that is provided in the Liberty server. The ThreadIdentityService interface is a Service Programming Interface (SPI) that enables support to receive notifications of user identity switches.
Parent topic: Securing Liberty and its applications


http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-libcore-mp&topic=twlp_sec_extending
File name: twlp_sec_extending.html