Requirements
The requirements for Java™ Authentication and Authorization
Service (JAAS) authentication of components are:
- An implementation of the JAAS LoginModule class.
- A JAR file containing your custom Java class
(component) and your LoginModule class implementation.
- A JAAS login configuration file. This file contains a section
(a LoginContext section) for your component that specifies your LoginModule class
implementation and the associated login configuration context. The
following entries must appear in this section:
- Because Component Manager uses the Web services transport by default,
the following FileNetP8 stanza is required for authentication on the Content Platform Engine:
FileNetP8
{
com.filenet.api.util.WSILoginModule required debug=false;
};
Refer to the sample JAAS configuration files located on
the Content Platform Engine server
host in the filenet_installation_directory\CE_API\config\samples
directory.
- The following entry is required in the JAAS stanza (not the FileNetP8
stanza) for the server to get a VWSession:
filenet.vw.server.VWLoginModule required;
- When you create a component queue, enter the LoginContext section
identifier as the configuration context for the JAAS credentials.
For information about creating component queues, see Creating component queues.
Example: The Content-Extended Operations Component
The
Content-Extended Operations component (CE_Operations) is installed
with the workflow system for Content Platform Engine and Content Manager operations. This component
uses the following:
- An implementation of the JAAS LoginModule class
named CELoginModule.
- A JAAS login configuration file named taskman.login.config (described
in the following section). This file is installed in fileNet_installation_directory/Router directory
on your Application Engine server.
See CELoginModule for
an HTML version of the source for this class. For links to Sun's related
JAAS documentation, see the instructions for creating
JAAS authentication modules.
A JAAS login configuration
file must have a LoginContext section for the login configuration
contexts that the LoginModule uses. For the CE_Operations component,
the LoginContext section in the taskman.login.config file
is named CELogin. This section identifies and locates the program
module or modules that are used for logins by the CE_Operations component.
The
CELogin section looks like this:
CELogin
{
filenet.vw.server.VWLoginModule required routerurl="localhost:32771/vwrouter";
com.filenet.wcm.toolkit.server.operations.util.CELoginModule required credTag=Clear;
};
- The LoginModules referenced are VWLoginModule for
a Process Java API session and
CELoginModule for a Content Engine Java API session.
- The "required" argument on each line is a flag specifying
that VWLoginModule and CELoginModule will succeed only if the name
and password that is specified by the user (in the JAAS Credentials
section of the Add Component Queue Wizard) are authenticated by each LoginModule.
- The "routerurl" is no longer used, and is ignored if
present.
- The "credTag=Clear" key value is a session credential option
that is defined in the CELoginModule class.
When you create a component queue, enter "CELogin"
as the configuration context value for the JAAS credentials.