Distributed: [AIX MacOS Linux Windows]

Configuring JAAS on Liberty by using developer tools

You can configure a JAAS configuration (system.WEB_INBOUND) with a custom login module for Liberty by editing the configuration. You do not have to configure JAAS unless you want to customize it.

Before you begin

For a description of the underlying process of configuring a server, and detailed information about specific aspects of server configuration, see Administering Liberty manually.

Avoid trouble: The developer tools create the reference to a JAAS login module by using the loginModuleRef element. You must change it to use the loginModuleRef attribute of the jaasLoginContextEntry element instead. There are several security configuration examples on the Open Liberty website for reference when configuring security for your applications on Liberty.

Procedure

  1. Select JAAS Login Context Entry and click Add, then enter the login module names.
    In this example, the custom login module myCustom is added at the beginning of the login process. The system provided login modules (hashtable, userNameAndPassword, certificate, token) are required.
    This is a screen capture of adding a JAAS Login Context Entry.
  2. Select JAAS Login Module: myCustom and configure your custom login module by entering the ID and the Class name, then click the arrow next to the Add button and select Global Element to enter the shared library information.
    In this example, the ID that corresponds to the name of your custom login module is myCustom.
    This is a screen capture of adding a JAAS login module.
  3. Enter the ID for the shared library in the popup window and click OK.
    In this example, the ID corresponds to the name of the shared library, customLoginLib.
    This is a screen capture of adding a shared library.
  4. Configure Name and Description fields for the shared library, then click the arrow next to the Add button and select Child Element to add a Fileset reference as a child element.
    This is a screen capture of configuring a shared library child element.
  5. Configure the Fileset.
    Click Browse in the Base Directory field and select the directory where the JAR file is located. Then, click Browse in the Includes pattern field to select your JAR file that contains your custom login module implementation.
    In this example, the custom login module implementation JAR file is CustomLoginModule.jar and located under the ${server.config.dir} directory.
    This is a screen capture of locating the custom login module implementation JAR file.
  6. Optional: If your custom login module needs any options, you can right-click JAAS Login Module, select Add and then select login module options.
  7. Save the configuration. You can find the following configuration saved in the server.xml file.
    <jaasLoginContextEntry name="system.WEB_INBOUND" id="system.WEB_INBOUND">
        <loginModuleRef>myCustom, hashtable, userNameAndPassword, certificate, token</loginModuleRef>
    </jaasLoginContextEntry>
    
    <jaasLoginModule className="com.sample.CustomLoginModule" 
                     id="myCustom" libraryRef="customLoginLib">
    </jaasLoginModule>
    
    <library id="customLoginLib" name="customLoginLib" 
             description="Custom login module shared library">
        <fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/>
    </library>
  8. Required: To make the configuration work, you must change the jaasLoginContextEntry element to include the loginModuleRef attribute. You must remove the loginModuleRef element and add it as an attribute of the jaasLoginContextEntry element.

    Here is an example of configuration using the loginModuleRef attribute.

    <jaasLoginContextEntry name="system.WEB_INBOUND" id="system.WEB_INBOUND"
                           loginModuleRef="myCustom, hashtable, userNameAndPassword, certificate, token" />
    
    <jaasLoginModule className="com.sample.CustomLoginModule" 
                     id="myCustom" libraryRef="customLoginLib">
    </jaasLoginModule>
    
    <library id="customLoginLib" name="customLoginLib" 
             description="Custom login module shared library">
        <fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/>
    </library>
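
The change from step 7 to step 8 can be checked and applied with a script. The following is an added example, not part of the original page or of the Liberty tooling. It moves a loginModuleRef child element into the attribute, then verifies that every custom module reference resolves to a jaasLoginModule whose libraryRef matches a library id. The function name fix_and_check and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# System-provided login modules the page lists as required for system.WEB_INBOUND.
SYSTEM_MODULES = ["hashtable", "userNameAndPassword", "certificate", "token"]

# Constructed sample: the form the developer tools save in step 7.
TOOL_GENERATED = """<server>
  <jaasLoginContextEntry name="system.WEB_INBOUND" id="system.WEB_INBOUND">
    <loginModuleRef>myCustom, hashtable, userNameAndPassword, certificate, token</loginModuleRef>
  </jaasLoginContextEntry>
  <jaasLoginModule className="com.sample.CustomLoginModule"
                   id="myCustom" libraryRef="customLoginLib"/>
  <library id="customLoginLib" name="customLoginLib">
    <fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/>
  </library>
</server>"""


def fix_and_check(xml_text):
    """Return (rewritten_xml, findings) for a server.xml string."""
    root = ET.fromstring(xml_text)
    findings = []
    modules = {m.get("id"): m for m in root.iter("jaasLoginModule")}
    libraries = {lib.get("id") for lib in root.iter("library")}

    for entry in root.iter("jaasLoginContextEntry"):
        name = entry.get("name")
        # Step 8: move the child <loginModuleRef> text into the attribute.
        for child in entry.findall("loginModuleRef"):
            if entry.get("loginModuleRef") is None:
                entry.set("loginModuleRef", (child.text or "").strip())
            entry.remove(child)
            findings.append(f"{name}: loginModuleRef element moved to attribute")
        refs = [r.strip() for r in (entry.get("loginModuleRef") or "").split(",") if r.strip()]
        # The page states the system modules are required in this entry.
        if name == "system.WEB_INBOUND":
            for required in SYSTEM_MODULES:
                if required not in refs:
                    findings.append(f"{name}: required module '{required}' missing")
        for ref in refs:
            if ref in SYSTEM_MODULES:
                continue
            module = modules.get(ref)
            if module is None:
                findings.append(f"{name}: no jaasLoginModule with id '{ref}'")
            elif module.get("libraryRef") not in libraries:
                findings.append(f"{ref}: libraryRef does not match a library id")
    return ET.tostring(root, encoding="unicode"), findings
```

Running the function a second time on its own output returns no findings, which makes it usable as a pre-deployment check on server.xml.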