You can configure a JAAS configuration (system.WEB_INBOUND)
with a custom login module for the Liberty profile by editing the
configuration. You do not have to configure JAAS unless you want to
customize it.
Before you begin
For a description of the underlying process of configuring
a server, and detailed information about specific aspects of server
configuration, see Administering the Liberty profile manually.
Avoid trouble: The developer tools creates
the reference to a JAAS login module using the
loginModuleRef element.
You must change it and use the
loginModuleRef attribute
of
jaasLoginContextEntry element.
There are several security configuration examples on the wasdev.net website for reference when configuring security for your applications on the Liberty profile.
Procedure
- Select JAAS Login Context Entry and
click Add, then enter the login module names. In this example, the custom login module myCustom is
added at the beginning of the login process. The system provided login
modules (hashtable, userNameAndPassword, certificate, token)
are required.
- Select JAAS Login Module: myCustom and
configure your custom login module by entering the ID and
the Class name, then click the arrow beside
the Add button and select Global
Element to enter the shared library information. In this example, the ID that
corresponds to the name of your custom login module is myCustom.
- Enter the ID for the shared library
in the pop-up panel and click OK. In this example, the ID corresponds
to the name of the shared library, customLoginLib.
- Configure Name and Description fields
for the shared library, then click the arrow beside the Add button
and select Child Element to add a Fileset reference
as a child element.
- Configure the Fileset. Click Browse in
the Base Directory field and select the directory
where the JAR file is located. Then, click Browse in
the Includes pattern field to select your JAR
file that contains your custom login module implementation. In this example, the custom login module
implementation JAR file is CustomLoginModule.jar and
located under the ${server.config.dir} directory.
- Optional: If your custom login module needs
any options, you can right-click JAAS Login Module,
select Add and then select login
module options.
- Save the configuration. You can find the following configuration
saved in the server.xml file.
<jaasLoginContextEntry name="system.WEB_INBOUND" id="system.WEB_INBOUND">
<loginModuleRef>myCustom, hashtable, userNameAndPassword, certificate, token</loginModuleRef>
</jaasLoginContextEntry>
<jaasLoginModule className="com.sample.CustomLoginModule"
id="myCustom" libraryRef="customLoginLib">
</jaasLoginModule>
<library id="customLoginLib" name="customLoginLib"
description="Custom login module shared library">
<fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/>
</library>
- Required: To make the configuration work, you must
change the jaasLoginContextEntry element to include
the loginModuleRef attribute. You must remove
the loginModuleRef element and add it as an attribute
of the jaasLoginContextEntry element.
Here
is an example of configuration using the loginModuleRef attribute.
<jaasLoginContextEntry name="system.WEB_INBOUND" id="system.WEB_INBOUND"
loginModuleRef="myCustom, hashtable, userNameAndPassword, certificate, token" />
<jaasLoginModule className="com.sample.CustomLoginModule"
id="myCustom" libraryRef="customLoginLib">
</jaasLoginModule>
<library id="customLoginLib" name="customLoginLib"
description="Custom login module shared library">
<fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/>
</library>