JAAS configuration information can be configured in a JAAS configuration
file.
About this task
We support the server.xml file, client.xml file and the
JAAS configuration file for JAAS configuration. However, it is suggested to configure the JAAS
custom login module in the server.xml file or client.xml
file. For further details about configuring the JAAS custom login module, see Configuring a JAAS custom login module for Liberty.
The Liberty server reads the JAAS
configuration file for an application JAAS custom login context entry and login module. The changes
that are made to the JAAS configuration file are used by the local application and take effect after
the application server is restarted. The JAAS configuration in the server.xml
file takes precedence over what is defined in the JAAS configuration file. A configuration entry in
the JAAS configuration file is overridden by an entry of the same alias name in the
server.xml file.
To configure a JAAS custom login module, complete the following steps:
Procedure
-
Enable the
appSecurity-2.0
Liberty feature in the
server.xml file.
<featureManager>
<feature>appSecurity-2.0</feature>
...
</featureManager>
-
Create a JAAS custom login module class.
For example, com.sample.CustomLoginModule
that implements the
LoginModule
interface and package it into the
CustomLoginModule.jar file.
-
Create the default jaas directory.
- For the server
- ${server.config.dir}/resources/security/jaas
- For the client
- ${client.config.dir}/resources/security/jaas
Note: All JAAS custom login modules that are specified in the JAAS configuration file must place in
the default jaas directory.
-
Place the CustomLoginModule.jar file in the default jaas
directory.
-
Create a JAAS configuration file.
For example, create a
myJaas.conf file and place it in the
${server.config.dir}/resources/security/jaas directory that has the following
content:
myCustomLoginContext {
com.sample.CustomLoginModule required myOption1="value1" myOption2="value2";
};
-
Configure the JAAS configuration file using the jvm.options file.
For
example,
-Djava.security.auth.login.config=${server.config.dir}/resources/security/jaas/myJaas.conf
Note: We
only support the application custom JAAS login module in the JAAS configuration file. Do not put the
default system JAAS configuration information in the JAAS configuration file.
Note: The JAAS
configuration file is not dynamically updated if you made any changes. We strongly recommend
configuring the JAAS configuration information in the server.xml file or
client.xml file.