Configuration entry settings for JAAS

Configuration entry settings for JAAS

+
Search Tips | Advanced Search

Use this page to specify a list of JAAS login configurations for the application code to use, including J2EE components such as...

enterprise beans
JavaServer Pages files
servlets
resource adapters
message-driven beans

To view this console page...

Click...
Security | Secure administration, applications, and infrastructure | Authentication | Java Authentication and Authorization Service | Application logins

Read the JAAS specifications before you begin defining additional login modules for authenticating to the appserver security run time.
You can define additional login configurations for your applications.
If the appserver LoginModule...
com.ibm.ws.security.common.auth.module.WSLoginModuleImpl

...is not used, or the LoginModule module does not produce a credential that is recognized by the appserver, the appserver security run time cannot use the authenticated subject from these login configurations for an authorization check for resource access.
Invoke Java client programs that use JAAS for authentication with a JAAS configuration file that is specified.
The appserver supplies the default JAAS configuration file...
APP_SERVER_ROOT/properties/wsjaas_client.conf

This configuration file is set in..
APP_SERVER_ROOT/bin/launchClient.bat

...as...
set JAAS_LOGIN_CONFIG=-Djava.security.auth.login.config=%app_server_root%\properties\wsjaas_client.conf

Configuration tab

ClientContainer

Login configuration used by the client container application, which uses the CallbackHandler API that is defined in the client container deployment descriptor.

The ClientContainer configuration is the default login configuration for the appserver. Do not remove this default, as other applications that use it fail.

Default: ClientContainer

DefaultPrincipalMapping

Login configuration that is used by Java 2 Connectors to map users to principals that are defined in the J2C authentication data entries.

WSLogin

Indicates whether all of the applications can use the WSLogin configuration to perform authentication for the appserver security run time.

This login configuration does not honor the CallbackHandler handler that is defined in the client container deployment descriptor. To use this functionality, use the ClientContainer login configuration.
The WSLogin configuration is the default login configuration for the appserver. Do not remove this default because other administrative applications that use it fail. This login configuration authenticates users for the appserver security run time. Use the credentials from the authenticated subject that are returned from this login configuration as an authorization check for access to appserver resources.

Related concepts
Java Authentication and Authorization Service

Related tasks
Configure programmatic logins for JAAS

Related Reference
Directory conventions