You can configure a JAAS configuration (system.WEB_INBOUND) with a custom login module
for Liberty by editing the configuration. You
do not have to configure JAAS unless you want to customize it.
Before you begin
For a description of the underlying process of configuring a server, and detailed information
about specific aspects of server configuration, see Administering Liberty manually.
Avoid trouble: The developer tools creates the reference to a JAAS
login module using the
loginModuleRef
element. You must change it and use the
loginModuleRef attribute of
jaasLoginContextEntry
element.
There are several security configuration examples on the Open Liberty website for reference when configuring security for your applications on Liberty.
Procedure
-
Select JAAS Login Context Entry and click Add,
then enter the login module names.
In this example, the custom login module
myCustom is
added at the beginning of the login process. The system provided login modules
(
hashtable,
userNameAndPassword,
certificate,
token) are required.
-
Select JAAS Login Module: myCustom and configure your custom login
module by entering the ID and the Class name, then
click the arrow next to the Add button and select Global
Element to enter the shared library information.
In this example, the
ID that corresponds to the name
of your custom login module is
myCustom.
-
Enter the ID for the shared library in the popup window and click
OK.
In this example, the
ID corresponds to the name of
the shared library,
customLoginLib.
-
Configure Name and Description fields for the
shared library, then click the arrow next to the Add button and select
Child Element to add a Fileset reference as a child
element.
-
Configure the Fileset.
Click Browse in the Base Directory field and
select the directory where the JAR file is located. Then, click Browse in the
Includes pattern field to select your JAR file that contains your custom
login module implementation.
In this example, the custom login module implementation JAR file is
CustomLoginModule.jar and located under the
${server.config.dir}
directory.
- Optional:
If your custom login module needs any options, you can right-click JAAS Login
Module, select Add and then select login module
options.
-
Save the configuration. You can find the following configuration saved in the
server.xml file.
<jaasLoginContextEntry name="system.WEB_INBOUND" id="system.WEB_INBOUND">
<loginModuleRef>myCustom, hashtable, userNameAndPassword, certificate, token</loginModuleRef>
</jaasLoginContextEntry>
<jaasLoginModule className="com.sample.CustomLoginModule"
id="myCustom" libraryRef="customLoginLib">
</jaasLoginModule>
<library id="customLoginLib" name="customLoginLib"
description="Custom login module shared library">
<fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/>
</library>
-
Required: To make the configuration work, you must change the
jaasLoginContextEntry
element to include the loginModuleRef
attribute. You must remove the loginModuleRef
element and add it as an attribute of
the jaasLoginContextEntry
element.
Here is an example of configuration using the loginModuleRef attribute.
<jaasLoginContextEntry name="system.WEB_INBOUND" id="system.WEB_INBOUND"
loginModuleRef="myCustom, hashtable, userNameAndPassword, certificate, token" />
<jaasLoginModule className="com.sample.CustomLoginModule"
id="myCustom" libraryRef="customLoginLib">
</jaasLoginModule>
<library id="customLoginLib" name="customLoginLib"
description="Custom login module shared library">
<fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/>
</library>