Configuring a JAAS programmatic login on the Liberty application client container
The Liberty application client container can be configured to use a JAAS programmatic login.
Before you begin
About this task
The JAAS login configuration specifies how and which login modules are used for authentication. Here are the JAAS login configurations that are provided by Liberty on the client:
- WSLogin JAAS login configuration: A generic JAAS login configuration that a Liberty application client container application can use to perform authentication that is based on a user ID and password. However, this configuration does not support the CallbackHandler handler that is specified in the deployment descriptor of the client application module.
- ClientContainer JAAS login configuration: This JAAS login configuration
recognizes the CallbackHandler handler that is specified in the client application
module's deployment descriptor, if one is specified. If a handler is not specified in the deployment
descriptor, then the handler that was specified programmatically is used.
The login modules that are specified by the JAAS login configuration implement a certain authentication technology. A login module can gather credentials from the user by using the javax.security.auth.callback.CallbackHandler interface. Liberty provides a non-prompt implementation of the CallbackHandler interface, which is called com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl. This implementation enables an application developer to specify the credentials directly in the application without having to prompt the user. There are two ways to specify your CallbackHandler implementation:
- Specify your implementation programmatically, as an argument to the
javax.security.auth.login.LoginContext constructor; for
example:
LoginContext logincontext = new LoginContext("ClientContainer", new WSCallbackHandlerImpl("user", "password"));
- Specify your implementation name in the client application module's deployment descriptor
(application-client.xml); for
example:
<callback-handler>com.acme.callbackhandler.WSCallbackHandlerImpl</callback-handler>
Note: The WSLogin login configuration does not recognize the second option of specifying a
CallbackHandler handler in the deployment descriptor.
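The following is an added example, not code from the Liberty documentation: a CallbackHandler that prompts on the console instead of embedding the user ID and password in the application, passed programmatically to the ClientContainer login configuration. The class name ConsoleCallbackHandler is hypothetical, and the example assumes that the login modules request the standard NameCallback and PasswordCallback, that the client is started from an interactive terminal, and that it runs inside the Liberty application client container, where the ClientContainer configuration is defined.

```java
import java.io.Console;
import java.io.IOException;
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Hypothetical class. Its public no-argument constructor also allows it to be
// named in application-client.xml for the ClientContainer configuration.
public class ConsoleCallbackHandler implements CallbackHandler {

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        Console console = System.console();
        if (console == null) {
            throw new IOException("No interactive console available for credential prompt");
        }
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                String user = console.readLine("User ID: ");
                if (user == null || user.isEmpty()) throw new IOException("No user ID entered");
                ((NameCallback) cb).setName(user);
            } else if (cb instanceof PasswordCallback) {
                char[] pw = console.readPassword("Password: "); // input is not echoed
                if (pw == null) throw new IOException("No password entered");
                try {
                    ((PasswordCallback) cb).setPassword(pw); // callback stores its own copy
                } finally {
                    Arrays.fill(pw, '\0'); // clear the local copy of the password
                }
            } else {
                throw new UnsupportedCallbackException(cb); // assumption: only name/password are requested
            }
        }
    }

    public static void main(String[] args) {
        try {
            LoginContext loginContext = new LoginContext("ClientContainer", new ConsoleCallbackHandler());
            loginContext.login();
            Subject subject = loginContext.getSubject();
            System.out.println("Authenticated principals: " + subject.getPrincipals());
        } catch (LoginException e) {
            System.err.println("Login failed: " + e.getMessage());
        }
    }
}
```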