WAS v8.5 > Secure applications > Secure the Liberty profile and its applications > Authenticate users in the Liberty profile > Configure a JAAS custom login module for the Liberty profileConfiguring JAAS on the Liberty profile using developer tools
We can configure a JAAS configuration (system.WEB_INBOUND) with a custom login module for the Liberty profile by editing the configuration. We do not have to configure JAAS unless to customize it.
Before beginning
For a description of the underlying process of configuring a server, and detailed information about specific aspects of server configuration, see Administering the Liberty profile manually.
Avoid trouble: The developer tools creates the reference to a JAAS login module using the loginModuleRef element. You must change it and use the loginModuleRef attribute of jaasLoginContextEntry element. We can refer to the sample JAAS configuration jaasConfig.xml file in the ${ wlp.install.dir}/templates/config directory, and make sure the configuration in your server.xml file is similar to the one in the sample file.
- Select JAAS Login Context Entry and click Add, then enter the login module names. In this example, the custom login module myCustom is added at the beginning of the login process. The system provided login modules (hashtable, userNameAndPassword, certificate, token) are required.
- Select JAAS Login Module and configure your custom login module by entering the Id and the Class name, then click the New button and select Top Level to enter the Shared Library information. In this example, the Id that corresponds to the name of your custom login module is myCustom.
- Enter the ID for the shared Library in the pop-up panel and click OK. In this example, the Id corresponds to the name of the shared library is customLoginLib.
- Configure Name and Description fields for the shared library, then click New button and select Nested to add a Fileset reference as a nested element.
- Configure the Fileset Service Details by clicking Browse button in the Base Directory field and select the directory where the JAR file is located. Then, click Browse button in the Includes pattern field to select your JAR file containing your custom login module implementation. In this example, the custom login module implementation JAR file is CustomLoginModule.jar and located under the ${server.config.dir} directory.
- Optional: If wer custom login module needs any options, we can right click JAAS Login Module, select Add and then select login module options.
- Save the configuration. We can find the following configuration saved in server.xml.
< jaasLoginContextEntry name="system.WEB_INBOUND" id="system.WEB_INBOUND"> <loginModuleRef>myCustom, hashtable, userNameAndPassword, certificate, token</loginModuleRef> </jaasLoginContextEntry> < jaasLoginModule className="com.ibm.ws.security.authentication.CustomLoginModule" id="myCustom" libraryRef="customLoginLib"> </jaasLoginModule> <library id="customLoginLib" name="customLoginLib" description="Custom login module shared library"> < fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/> </library>- Required: To make the configuration work, you must change the jaasLoginContextEntry element to include the loginModuleRef attribute. You must remove the loginModuleRef element and add it as an attribute of the jaasLoginContextEntry element.
Here is an example of configuration using the loginModuleRef attribute.
< jaasLoginContextEntry name="system.WEB_INBOUND" id="system.WEB_INBOUND" loginModuleRef="myCustom, hashtable, userNameAndPassword, certificate, token" /> < jaasLoginModule className="com.ibm.ws.security.authentication.CustomLoginModule" id="myCustom" libraryRef="customLoginLib"> </jaasLoginModule> <library id="customLoginLib" name="customLoginLib" description="Custom login module shared library"> < fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/> </library>
Parent topic: Configure a JAAS custom login module for the Liberty profile
|