Configuring an application JAAS custom login context entry and login module using a JAAS configuration file for Liberty

JAAS configuration information can be configured in a JAAS configuration file.

About this task

We support the server.xml file, the client.xml file, and the JAAS configuration file for JAAS configuration. However, we suggest configuring the JAAS custom login module in the server.xml file or client.xml file. For further details about configuring the JAAS custom login module, see Configuring a JAAS custom login module for Liberty.

The Liberty server reads the JAAS configuration file for an application JAAS custom login context entry and login module. The changes that are made to the JAAS configuration file are used by the local application and take effect after the application server is restarted. The JAAS configuration in the server.xml file takes precedence over what is defined in the JAAS configuration file. A configuration entry in the JAAS configuration file is overridden by an entry of the same alias name in the server.xml file.

To configure a JAAS custom login module, complete the following steps:

Procedure

  1. Enable the appSecurity-2.0 Liberty feature in the server.xml file.
    
    <featureManager>
        <feature>appSecurity-2.0</feature>
        ...
    </featureManager>
  2. Create a JAAS custom login module class.

    For example, create com.sample.CustomLoginModule, which implements the LoginModule interface, and package it into the CustomLoginModule.jar file.

  3. Create the default jaas directory.
    For the server
    ${server.config.dir}/resources/security/jaas
    For the client
    ${client.config.dir}/resources/security/jaas
    Note: All JAAS custom login modules that are specified in the JAAS configuration file must be placed in the default jaas directory.
  4. Place the CustomLoginModule.jar file in the default jaas directory.
  5. Create a JAAS configuration file.
    For example, create a myJaas.conf file with the following content and place it in the ${server.config.dir}/resources/security/jaas directory:
    
    myCustomLoginContext {
        com.sample.CustomLoginModule required myOption1="value1" myOption2="value2";
    };
  6. Specify the JAAS configuration file in the jvm.options file.
    For example:
    
    -Djava.security.auth.login.config=${server.config.dir}/resources/security/jaas/myJaas.conf
    Note: We only support the application custom JAAS login module in the JAAS configuration file. Do not put the default system JAAS configuration information in the JAAS configuration file.
    Note: The JAAS configuration file is not dynamically updated when you make changes to it. We strongly recommend configuring the JAAS configuration information in the server.xml file or client.xml file.
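
The following is an added example, not part of the Liberty documentation or product code: a stand-alone check that parses a JAAS configuration file with the JDK's own JavaLoginConfig parser and reports whether the custom module is present and mandatory in its entry. The class name JaasConfCheck, the weakContext entry and the embedded sample file are constructed for illustration. The check sees only the file itself, not entries of the same name in server.xml that would override it.

```java
import java.nio.file.*;
import java.security.URIParameter;
import java.util.*;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class JaasConfCheck {
    // Returns findings for one login context entry; an empty list means it passed.
    static List<String> audit(Path conf, String entry, String expectedModule) throws Exception {
        // "JavaLoginConfig" is the JDK's standard parser for this file format;
        // it does not load the module class, so the JAR is not needed here.
        Configuration cfg = Configuration.getInstance("JavaLoginConfig", new URIParameter(conf.toUri()));
        List<String> findings = new ArrayList<>();
        AppConfigurationEntry[] modules = cfg.getAppConfigurationEntry(entry);
        if (modules == null) {
            findings.add("no entry named " + entry);
            return findings;
        }
        boolean seen = false;
        for (AppConfigurationEntry m : modules) {
            LoginModuleControlFlag flag = m.getControlFlag();
            if (!m.getLoginModuleName().equals(expectedModule)) {
                findings.add("unexpected module " + m.getLoginModuleName());
                continue;
            }
            seen = true;
            // A sufficient or optional module's failure is ignored when another
            // module stacked in the same entry succeeds.
            if (flag != LoginModuleControlFlag.REQUIRED && flag != LoginModuleControlFlag.REQUISITE)
                findings.add(expectedModule + " is not mandatory: " + flag);
            // Print option names only; option values may be sensitive.
            System.out.println(entry + ": options " + m.getOptions().keySet());
        }
        if (!seen) findings.add(expectedModule + " missing from " + entry);
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the page's entry, then a weakened variant for contrast.
        List<String> sample = Arrays.asList(
            "myCustomLoginContext {",
            "    com.sample.CustomLoginModule required myOption1=\"value1\" myOption2=\"value2\";",
            "};",
            "weakContext {",
            "    com.sample.CustomLoginModule optional myOption1=\"value1\";",
            "};");
        Path conf = args.length > 0 ? Paths.get(args[0])
                                    : Files.write(Files.createTempFile("myJaas", ".conf"), sample);
        for (String entry : new String[] {"myCustomLoginContext", "weakContext"})
            System.out.println(entry + " -> " + audit(conf, entry, "com.sample.CustomLoginModule"));
    }
}
```

Run it with no arguments to use the embedded sample, or pass the path of your own myJaas.conf as the first argument; a syntax error in the file surfaces as an exception from the parser.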