Configuration entry settings for Java Authentication and Authorization Service


Use this page to specify a list of Java™ Authentication and Authorization Service (JAAS) login configurations for the application code to use, including J2EE components such as enterprise beans, JSP files, servlets, resource adapters, and message-driven beans (MDBs).

  1. Click Security > Global security.

  2. Under Authentication, click Java Authentication and Authorization Service > Application logins.

Read the JAAS specifications before you begin defining additional login modules for authenticating to the application server security run time. You can define additional login configurations for the applications. However, if the appserver LoginModule com.ibm.ws.security.common.auth.module.WSLoginModuleImpl is not used, or the LoginModule does not produce a credential that is recognized by the appserver, the application server security run time cannot use the authenticated subject from these login configurations for an authorization check for resource access.

You must invoke Java client programs that use Java Authentication and Authorization Service (JAAS) for authentication with a JAAS configuration file specified.

The appserver supplies the wsjaas_client.conf default JAAS configuration file under the WAS_HOME/properties directory. This configuration file is set in the WAS_HOME/bin/launchClient.bat file as:

set JAAS_LOGIN_CONFIG=-Djava.security.auth.login.config=%APP_ROOT%\properties\wsjaas_client.conf
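
The following check is an added example, not IBM's code. It parses a JAAS configuration file with the JDK's JavaLoginConfig parser and reports, for each named login configuration, whether the entry is missing and whether it names the WSLoginModuleImpl module described above. The sample file contents, the MyAppLogin entry, and com.example.CustomLoginModule are constructed for illustration; treating a module named in an option value as a match is an assumption.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.URIParameter;
import java.util.List;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasConfigAudit {
    // Login module named on this page as the one the security run time recognizes.
    static final String WS_MODULE = "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl";

    /** Returns "MISSING", "USABLE" or "NOT_USABLE" for one login configuration entry. */
    static String audit(Configuration cfg, String entryName) {
        AppConfigurationEntry[] modules = cfg.getAppConfigurationEntry(entryName);
        if (modules == null) return "MISSING";
        for (AppConfigurationEntry m : modules) {
            // Assumption: a wrapper module may name the real module in an option value.
            if (m.getLoginModuleName().equals(WS_MODULE) || m.getOptions().containsValue(WS_MODULE))
                return "USABLE";
        }
        return "NOT_USABLE";
    }

    public static void main(String[] args) throws IOException, NoSuchAlgorithmException {
        // Constructed sample file; MyAppLogin and com.example.CustomLoginModule are hypothetical.
        String sample = String.join("\n",
            "WSLogin { " + WS_MODULE + " required; };",
            "MyAppLogin { com.example.CustomLoginModule required debug=true; };");
        Path file = Files.createTempFile("jaas_sample", ".conf");
        Files.writeString(file, sample);
        // "JavaLoginConfig" is the JDK's built-in parser for JAAS configuration files.
        Configuration cfg = Configuration.getInstance("JavaLoginConfig", new URIParameter(file.toUri()));
        for (String name : List.of("ClientContainer", "WSLogin", "MyAppLogin")) {
            System.out.println(name + ": " + audit(cfg, name));
        }
        Files.delete(file);
    }
}
```

An entry reported as NOT_USABLE can still authenticate, but per the description above its subject cannot be used by the application server security run time for authorization checks.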

ClientContainer

Login configuration used by the client container application, which uses the CallbackHandler API that is defined in the client container deployment descriptor.

The ClientContainer configuration is the default login configuration for the appserver. Do not remove this default, as other applications that use it fail.

Default: ClientContainer

DefaultPrincipalMapping

Login configuration used by Java 2 Connectors to map users to principals defined in the J2C authentication data entries.

The ClientContainer configuration is the default login configuration for the appserver. Do not remove this default, as other applications that use it fail.

Default: ClientContainer

WSLogin

Indicates whether all of the applications can use the WSLogin configuration to perform authentication for the application server security run time.

This login configuration does not honor the CallbackHandler handler that is defined in the client container deployment descriptor. To use this functionality, use the ClientContainer login configuration.

The WSLogin configuration is the default login configuration for the application server. Do not remove this default because other admin applications that use it fail. This login configuration authenticates users for the application server security run time. Use the credentials from the authenticated subject that are returned from this login configuration as an authorization check for access to appserver resources.

Default: ClientContainer





 
