Liberty Repository[8.5.5.6 or later]
This topic applies to WebSphere Application Server Liberty V8.5.5.9 and earlier. For the latest Liberty topics, see the WebSphere Application Server Liberty documentation.

Configuring a Java Authentication SPI for Containers (JASPIC) User Feature

You can develop a JASPIC provider to authenticate inbound web requests by using the com.ibm.wsspi.security.jaspi.ProviderService interface that is provided in the Liberty server.

About this task

The Java™ Authentication SPI for Containers specification, JSR 196, defines an interface for authentication providers. In the Liberty server, you must package your JASPIC provider as a user feature. Your feature must implement the com.ibm.wsspi.security.jaspi.ProviderService interface.

Procedure

  1. Create an OSGi component that provides a service that implements the com.ibm.wsspi.security.jaspi.ProviderService interface.

    The ProviderService interface defines method, getAuthConfigProvider, which the Liberty runtime invokes to retrieve an instance of your JASPIC provider class that implements the javax.security.auth.message.config.AuthConfigProvider interface.

    The following example uses OSGi declarative services annotations:
    @package com.mycompany.jaspi;
    
    import java.util.Map;
    import javax.security.auth.message.config.AuthConfigFactory;
    import javax.security.auth.message.config.AuthConfigProvider;
    import org.osgi.service.component.ComponentContext;
    import com.mycompany.jaspi.SampleAuthConfigProvider;
    import com.ibm.wsspi.security.jaspi.ProviderService;
    
    @Component(service = { ProviderService.class },
               configurationPolicy = ConfigurationPolicy.IGNORE,
               immediate = true,
               property = { "myPoviderPoperty1=value1",
                            "myPoviderPoperty2=value2"})
    public class SampleJaspiProviderService implements ProviderService {
    
        Map<String, String> configProps = null;
    
        // This method called by the Liberty runtime
        // to get an instance of AuthConfigProvider
        @Override
        public AuthConfigProvider getAuthConfigProvider(Map<String, String> 
                                                   AuthConfigFactory factory)
       {
            return new SampleAuthConfigProvider(configProps, factory);
       }
    
        protected void activate(ComponentContext cc) {
            // Read provider config properties here if needed,
            // then pass them to the AuthConfigProvider factory.
            // This example reads the properties from the OSGi
            // component definition.
            configProps = (Map<String, String>) cc.getProperties();
        }
    
        protected void deactivate(ComponentContext cc) {}
    }
  2. Package the component into an OSGi bundle that is part of your user feature, along with your JASPIC authentication provider.
  3. Ensure that your feature includes the OSGi subsystem content: com.ibm.websphere.appserver.jaspic-1.1; type="osgi.subsystem.feature".
  4. After the feature is installed into the user product extension location, configure the server.xml file with the feature name. For example:
    <featureManager>
       ...
       <feature>usr:myJaspiProvider</feature>
    </featureManager>

Icon that indicates the type of topic Task topic



Timestamp icon Last updated: Tuesday, 12 December 2017
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-libcore-mp&topic=twlp_developing_jaspic_auth_provider
File name: twlp_developing_jaspic_auth_provider.html