Configure JAAS on the Liberty profile using developer tools
We can configure a JAAS configuration (system.WEB_INBOUND) with a custom login module for the Liberty profile by editing the configuration. You do not have to configure JAAS unless to customize it.
For a description of the underlying process of configuring a server, and detailed information about specific aspects of server configuration, see Administer the Liberty profile manually.
Avoid trouble: The developer tools creates the reference to a JAAS login module using the loginModuleRef element. We must change it and use the loginModuleRef attribute of jaasLoginContextEntry element. There are several security configuration examples on the WASdev.net website for reference when configuring security for the applications on the Liberty profile.
- Select JAAS Login Context Entry and click Add, then enter the login module names. In this example, the custom login module myCustom is added at the beginning of the login process. The system provided login modules (hashtable, userNameAndPassword, certificate, token)
are required.
- Select JAAS Login Module: myCustom and configure the custom login module by entering the ID and the Class name, then click the arrow next to the Add button and select Global
Element to enter the shared library information. In this example, the ID that corresponds to the name of the custom login module is myCustom.
- Enter the ID for the shared library
in the pop-up panel and click OK. In this example, the ID corresponds
to the name of the shared library, customLoginLib.
- Configure Name and Description fields
for the shared library, then click the arrow next to the Add button
and select Child Element to add a Fileset reference
as a child element.
- Configure the Fileset. Click Browse in the Base Directory field and select the directory where the JAR file is located. Then, click Browse in the Includes pattern field to select the JAR
file containing the custom login module implementation. In this example, the custom login module
implementation JAR file is CustomLoginModule.jar and located under the ${server.config.dir} directory.
- Optional: If the custom login module needs
any options, we can right-click JAAS Login Module, select Add and then select login module options.
- Save the configuration. We can find the following configuration saved in server.xml.
<jaasLoginContextEntry name="system.WEB_INBOUND" id="system.WEB_INBOUND"> <loginModuleRef>myCustom, hashtable, userNameAndPassword, certificate, token</loginModuleRef> </jaasLoginContextEntry> <jaasLoginModule className="com.sample.CustomLoginModule" id="myCustom" libraryRef="customLoginLib"> </jaasLoginModule> <library id="customLoginLib" name="customLoginLib" description="Custom login module shared library"> <fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/> </library>
- Required: To make the configuration work, we must change the jaasLoginContextEntry element to include the loginModuleRef attribute. We must remove
the loginModuleRef element and add it as an attribute of the jaasLoginContextEntry element.
Here is an example of configuration using the loginModuleRef attribute.
<jaasLoginContextEntry name="system.WEB_INBOUND" id="system.WEB_INBOUND" loginModuleRef="myCustom, hashtable, userNameAndPassword, certificate, token" /> <jaasLoginModule className="com.sample.CustomLoginModule" id="myCustom" libraryRef="customLoginLib"> </jaasLoginModule> <library id="customLoginLib" name="customLoginLib" description="Custom login module shared library"> <fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/> </library>
Parent topic: Configure a JAAS custom login module