Configuring a Java Authentication SPI for Containers (JASPIC) User Feature

You can develop a JASPIC provider to authenticate inbound web requests by using the com.ibm.wsspi.security.jaspi.ProviderService interface that is provided in the Liberty server.

About this task

The Java™ Authentication SPI for Containers specification, JSR 196, defines an interface for authentication providers. In the Liberty server, you must package your JASPIC provider as a user feature. Your feature must implement the com.ibm.wsspi.security.jaspi.ProviderService interface.

Procedure

  1. Create an OSGi component that provides a service that implements the com.ibm.wsspi.security.jaspi.ProviderService interface.

    The ProviderService interface defines method, getAuthConfigProvider, which the Liberty run time invokes to retrieve an instance of your JASPIC provider class that implements the javax.security.auth.message.config.AuthConfigProvider interface.

    The following example uses OSGi declarative services annotations:
    @package com.mycompany.jaspi;
    
    import java.util.Map;
    import javax.security.auth.message.config.AuthConfigFactory;
    import javax.security.auth.message.config.AuthConfigProvider;
    import org.osgi.service.component.ComponentContext;
    import com.mycompany.jaspi.SampleAuthConfigProvider;
    import com.ibm.wsspi.security.jaspi.ProviderService;
    
    @Component(service = { ProviderService.class },
               configurationPolicy = ConfigurationPolicy.IGNORE,
               immediate = true,
               property = { "myPoviderPoperty1=value1",
                            "myPoviderPoperty2=value2"})
    public class SampleJaspiProviderService implements ProviderService {
    
        Map<String, String> configProps = null;
    
        // This method called by the Liberty runtime
        // to get an instance of AuthConfigProvider
        @Override
        public AuthConfigProvider getAuthConfigProvider(Map<String, String>,
                                                   AuthConfigFactory factory)
       {
            return new SampleAuthConfigProvider(configProps, factory);
       }
    
        protected void activate(ComponentContext cc) {
            // Read provider config properties here if needed,
            // then pass them to the AuthConfigProvider factory.
            // This example reads the properties from the OSGi
            // component definition.
            configProps = (Map<String, String>) cc.getProperties();
        }
    
        protected void deactivate(ComponentContext cc) {}
    }
  2. Package the component into an OSGi bundle that is part of your user feature, along with your JASPIC authentication provider.
  3. Ensure that your feature includes the OSGi subsystem content: com.ibm.websphere.appserver.jaspic-1.1; type="osgi.subsystem.feature".
  4. After the feature is installed into the user product extension location, configure the server.xml file with the feature name. For example:
    <featureManager>
       ...
       <feature>usr:myJaspiProvider</feature>
    </featureManager>