You can develop a JASPIC provider to authenticate inbound web requests by using the
com.ibm.wsspi.security.jaspi.ProviderService
interface that is provided in the Liberty server.
About this task
The Java™ Authentication SPI for Containers specification,
JSR 196, defines an interface for authentication providers. In the Liberty server, you must package your JASPIC
provider as a user feature. Your feature must implement the
com.ibm.wsspi.security.jaspi.ProviderService
interface.
Procedure
- Create an OSGi component that provides a service that implements the
com.ibm.wsspi.security.jaspi.ProviderService
interface.
The ProviderService
interface defines method,
getAuthConfigProvider
, which the Liberty run time invokes to retrieve an instance
of your JASPIC provider class that implements the
javax.security.auth.message.config.AuthConfigProvider
interface.
The following example uses OSGi declarative services
annotations:
@package com.mycompany.jaspi;
import java.util.Map;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import org.osgi.service.component.ComponentContext;
import com.mycompany.jaspi.SampleAuthConfigProvider;
import com.ibm.wsspi.security.jaspi.ProviderService;
@Component(service = { ProviderService.class },
configurationPolicy = ConfigurationPolicy.IGNORE,
immediate = true,
property = { "myPoviderPoperty1=value1",
"myPoviderPoperty2=value2"})
public class SampleJaspiProviderService implements ProviderService {
Map<String, String> configProps = null;
// This method called by the Liberty runtime
// to get an instance of AuthConfigProvider
@Override
public AuthConfigProvider getAuthConfigProvider(Map<String, String>,
AuthConfigFactory factory)
{
return new SampleAuthConfigProvider(configProps, factory);
}
protected void activate(ComponentContext cc) {
// Read provider config properties here if needed,
// then pass them to the AuthConfigProvider factory.
// This example reads the properties from the OSGi
// component definition.
configProps = (Map<String, String>) cc.getProperties();
}
protected void deactivate(ComponentContext cc) {}
}
- Package the component into an OSGi bundle that is part of your user feature, along with
your JASPIC authentication provider.
- Ensure that your feature includes the OSGi subsystem content:
com.ibm.websphere.appserver.jaspic-1.1; type="osgi.subsystem.feature"
.
- After the feature is installed into the user product extension location, configure the
server.xml file with the feature name. For example:
<featureManager>
...
<feature>usr:myJaspiProvider</feature>
</featureManager>