Requirements
The requirements for Java™ Authentication and Authorization
Service (JAAS) authentication of components are:
- An implementation of the JAAS LoginModule class.
- A JAR file containing your custom Java class
(component) and your LoginModule class implementation.
- A JAAS login configuration file. This file contains a section
(a LoginContext section) for your component that specifies your LoginModule class
implementation and the associated login configuration context. The
following entries must appear in this section:
  - Because Component Manager uses the Web services transport by default,
    the following FileNetP8 stanza is required for authentication on the Content Engine:

        FileNetP8
        {
            com.filenet.api.util.WSILoginModule required debug=false;
        };

    Refer to the sample Content Engine JAAS configuration files
    located on the Content Engine host
    in the filenet_installation_directory\CE_API\config\samples
    directory.
  - The following entry is required in the JAAS stanza (not the FileNetP8
    stanza) for the Content Engine to get a VWSession:

        filenet.vw.server.VWLoginModule required;
- When creating a component queue, the LoginContext section identifier
you use must be entered as the Configuration Context value in the
JAAS Credentials section of the Add
Component Queue Wizard in the Process Configuration Console.
Example: The Content-Extended Operations Component
The Content-Extended Operations component (CE_Operations) is installed
with the Process Engine for Content Engine and Content Manager operations.
This component uses the following:
- An implementation of the JAAS LoginModule class named CELoginModule.
- A JAAS login configuration file named taskman.login.config (described
below). This file is installed in fileNet_installation_directory/Router
on your Application Engine server.
See CELoginModule for
an HTML version of the source for this class. For links to Sun's related
JAAS documentation, see the instructions for creating
JAAS authentication modules.
A JAAS login configuration
file must have a LoginContext section for the login configuration
contexts that the LoginModule will use. For the CE_Operations component,
the LoginContext section in the taskman.login.config file
is named CELogin. This section identifies and locates the program
module or modules that are used for logins by the CE_Operations component.
The CELogin section looks like this:

    CELogin
    {
        filenet.vw.server.VWLoginModule required routerurl="localhost:32771/vwrouter";
        com.filenet.wcm.toolkit.server.operations.util.CELoginModule required credTag=Clear;
    };

- The LoginModules referenced are the VWLoginModule for
the Process Engine and the CELoginModule
for the Content Engine.
- The "required" argument on each line is a flag specifying that the
login succeeds only if the name and password specified by the user
(in the JAAS Credentials section of the Add Component Queue Wizard)
are authenticated by both VWLoginModule and CELoginModule.
- The "routerurl" option is no longer used and is ignored if present.
- The "credTag=Clear" key value is a session credential
option defined in the CELoginModule class.
When creating a component queue, "CELogin" is entered
as the Configuration Context value in the JAAS Credentials section
of the Add A Component Queue Wizard in the Process Configuration Console.
See Create a Component Queue for instructions.
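
The entries this page requires in a login configuration file can be checked automatically before the file is deployed. The following Python code is an added example, not IBM or FileNet code: it parses the stanzas shown above and reports a missing WSILoginModule or VWLoginModule entry, the ignored routerurl option, and (going beyond the page, from standard JAAS control-flag semantics) any module marked sufficient or optional. The names parse_jaas and lint, and the single-file layout of SAMPLE, are assumptions.

```python
import re

# Constructed sample: the FileNetP8 and CELogin stanzas shown on this page, in one file.
SAMPLE = """
FileNetP8
{
    com.filenet.api.util.WSILoginModule required debug=false;
};
CELogin
{
    filenet.vw.server.VWLoginModule required routerurl="localhost:32771/vwrouter";
    com.filenet.wcm.toolkit.server.operations.util.CELoginModule required credTag=Clear;
};
"""

STANZA = re.compile(r"(\w+)\s*\{(.*?)\}\s*;", re.S)
ENTRY = re.compile(r"([\w.$]+)\s+(required|requisite|sufficient|optional)\b([^;]*);", re.I)
OPTION = re.compile(r'(\w+)\s*=\s*("[^"]*"|\S+)')

def parse_jaas(text):
    """Return {stanza: [(module_class, flag, {option: value}), ...]}."""
    # Drop whole-line // comments only, so "//" inside a quoted URL value survives.
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    return {name: [(mod, flag, {k: v.strip('"') for k, v in OPTION.findall(opts)})
                   for mod, flag, opts in ENTRY.findall(body)]
            for name, body in STANZA.findall(text)}

def lint(text, context):
    """Check a login configuration against the entries this page says are required."""
    stanzas, findings = parse_jaas(text), []
    p8 = stanzas.get("FileNetP8", [])
    if not any(mod == "com.filenet.api.util.WSILoginModule" for mod, _, _ in p8):
        findings.append("FileNetP8: WSILoginModule entry missing")
    entries = stanzas.get(context)
    if entries is None:
        return findings + [f"{context}: stanza not found"]
    if not any(mod == "filenet.vw.server.VWLoginModule" for mod, _, _ in entries):
        findings.append(f"{context}: VWLoginModule entry missing")
    for mod, flag, opts in entries:
        short = mod.rsplit(".", 1)[-1]
        if flag.lower() in ("sufficient", "optional"):
            # Standard JAAS semantics: the login can succeed even if this module fails.
            findings.append(f"{context}: {short} is {flag}, not required")
        if "routerurl" in opts:
            findings.append(f"{context}: {short} sets routerurl (ignored)")
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE, "CELogin"))
```

Pass the same identifier to lint that is entered as the Configuration Context value for the component queue, so the stanza being checked is the one the component actually uses.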