You can configure the Liberty application client container to use a custom Java™ Authentication and Authorization Service (JAAS) login module.
Before you begin
Make sure that you have a JAR file that contains the JAAS custom login module, which implements the javax.security.auth.spi.LoginModule interface.
About this task
You can use a custom login module to either make extra authentication decisions or add
information to the subject to make finer-grained authorization decisions inside your application. To
configure a JAAS custom login module, complete the following steps.
Procedure
- Add the appSecurityClient-1.0 feature to your client.xml file.
  <feature>appSecurityClient-1.0</feature>
- Create a class com.sample.CustomLoginModule that implements the LoginModule interface and package it into the CustomLoginModule.jar file.
- Create a <library> element that uses a <fileset> element that indicates where the CustomLoginModule.jar file is. In this example, the file is in the client's configuration directory, and the library ID is customLoginLib.
  <library id="customLoginLib">
    <fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/>
  </library>
- Create a <jaasLoginModule> element. In this example, the ID is myCustom.
  - Configure the custom login module to require a successful authentication by setting the controlFlag attribute to REQUIRED.
  - Set the libraryRef attribute to customLoginLib, the ID of the <library> element that is configured in the previous step.
  <jaasLoginModule id="myCustom" className="com.sample.CustomLoginModule" controlFlag="REQUIRED" libraryRef="customLoginLib"/>
- Create a <jaasLoginContextEntry> element with the ID and name of the system-defined JAAS configuration on the application client container: ClientContainer. You can also set this JAAS configuration to WSLogin, or your own JAAS configuration. In the loginModuleRef attribute, add proxy, the default ID for the proxy login module, and myCustom, the ID of the jaasLoginModule element that is created in the previous step.
  <jaasLoginContextEntry id="ClientContainer" name="ClientContainer"
      loginModuleRef="proxy, myCustom"/>
No further configuration is needed to enable the proxy login module on the client container.
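
One way to write the com.sample.CustomLoginModule class that the procedure packages into CustomLoginModule.jar, showing how a module adds information to the subject (an added example, not code from the original page or from IBM). It assumes the client container's callback handler answers a NameCallback; the ClientTag principal type and the "sample-client:" label are hypothetical.

```java
package com.sample;

import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example: puts one extra principal on the subject after a successful login.
public class CustomLoginModule implements LoginModule {
    // Hypothetical principal type; look it up with subject.getPrincipals(ClientTag.class).
    public static final class ClientTag implements Principal {
        private final String name;
        ClientTag(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    private Subject subject;
    private CallbackHandler handler;
    private ClientTag added;   // built by login(), attached to the subject by commit()

    @Override public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }
    @Override public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("No CallbackHandler available");
        NameCallback name = new NameCallback("User: ");
        try {
            handler.handle(new Callback[] { name });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("Cannot read user name: " + e);
        }
        // With controlFlag="REQUIRED", throwing here fails the overall login.
        if (name.getName() == null || name.getName().isEmpty())
            throw new FailedLoginException("No user name supplied");
        added = new ClientTag("sample-client:" + name.getName()); // constructed label
        return true;
    }
    @Override public boolean commit() {   // called only when the overall login succeeded
        return added != null && subject.getPrincipals().add(added);
    }
    @Override public boolean abort() { return logout(); }
    @Override public boolean logout() {
        if (added != null) subject.getPrincipals().remove(added); // remove only our own entry
        added = null;
        return true;
    }
}
```

The principal is attached in commit() rather than login(), so a failure in another module of the same login context entry never leaves the subject partially populated.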