Configuring a JAAS custom login module for the Liberty application client container

You can configure the Liberty application client container to use a custom Java™ Authentication and Authorization Service (JAAS) login module.

Before you begin

Make sure that you have a JAR file that contains the JAAS custom login module, which implements the javax.security.auth.spi.LoginModule interface.

About this task

You can use a custom login module to either make extra authentication decisions or add information to the subject to make finer-grained authorization decisions inside your application. To configure a JAAS custom login module, complete the following steps.

Procedure

  1. Add the appSecurityClient-1.0 feature to your client.xml file.
    <feature>appSecurityClient-1.0</feature>
  2. Create a class com.sample.CustomLoginModule that implements the LoginModule interface and package it into the CustomLoginModule.jar file.
  3. Create a <library> element that uses a <fileset> element that indicates where the CustomLoginModule.jar file is. In this example, the file is in the client's configuration directory, and the library ID is customLoginLib.
    <library id="customLoginLib">
        <fileset dir="${server.config.dir}" includes="CustomLoginModule.jar"/>
    </library>
  4. Create a <jaasLoginModule> element. In this example, the ID is myCustom.
    1. Configure the custom login module to require a successful authentication by setting the controlFlag attribute to REQUIRED.
    2. Set the libraryRef attribute to customLoginLib, the ID of the <library> element that is configured in the previous step.
      <jaasLoginModule id="myCustom" className="com.sample.CustomLoginModule" controlFlag="REQUIRED" libraryRef="customLoginLib"/>
  5. Create a <jaasLoginContextEntry> element with the ID and name of the system-defined JAAS configuration on the application client container: ClientContainer.
    You can also set this JAAS configuration to WSLogin, or your own JAAS configuration. In the loginModuleRef attribute, add proxy, the default ID for the proxy login module, and myCustom, the ID of the jaasLoginModule element that is created in the previous step.
    <jaasLoginContextEntry id="ClientContainer" name="ClientContainer"
                           loginModuleRef="proxy, myCustom"/>
    No further configuration is needed to enable the proxy login module on the client container.
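
A sketch of the com.sample.CustomLoginModule class from step 2, added here as an example and not taken from IBM's documentation or code. It makes one extra authentication decision in login() and adds a principal to the subject in commit(), following the JAAS two-phase contract. The SamplePrincipal type and the blank-name rule are hypothetical, and the code assumes the client's CallbackHandler answers a NameCallback.

```java
package com.sample;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class CustomLoginModule implements LoginModule {
    public static final class SamplePrincipal implements Principal { // hypothetical type
        private final String name;
        SamplePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public boolean equals(Object o) {
            return o instanceof SamplePrincipal && ((SamplePrincipal) o).name.equals(name);
        }
    }
    private Subject subject;
    private CallbackHandler handler;
    private Principal pending, committed; // pending: from login(); committed: added by commit()
    @Override public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    @Override public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("No CallbackHandler supplied");
        NameCallback nameCb = new NameCallback("User name: "); // assumes the handler answers it
        try { handler.handle(new Callback[] { nameCb }); }
        catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("Cannot obtain user name: " + e);
        }
        String user = nameCb.getName(); // constructed rule below: a blank name fails the login
        if (user == null || user.trim().isEmpty()) throw new FailedLoginException("User name required");
        pending = new SamplePrincipal(user.trim());
        return true;
    }
    @Override public boolean commit() { // phase 2: runs once the whole chain has succeeded
        if (pending == null) return false;
        subject.getPrincipals().add(pending);
        committed = pending; pending = null;
        return true;
    }
    @Override public boolean abort() { return (pending != null || committed != null) && logout(); }
    @Override public boolean logout() {
        if (committed != null) subject.getPrincipals().remove(committed);
        pending = committed = null;
        return true;
    }
}
```

Because controlFlag is REQUIRED, a LoginException thrown from login() fails the whole ClientContainer login, and abort() returns false in that case so JAAS ignores this module during cleanup.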