The Java™ Authentication Service Provider Interface for Containers (JASPIC) specification defines
a service provider interface (SPI) through which authentication providers that implement message
authentication mechanisms can be integrated in client or server message processing containers or
runtimes.
About this task
Authentication providers that are integrated through the JASPIC interface operate on network
messages that are provided by their calling container. The providers transform outgoing messages so
that the source of the message can be authenticated by the receiving container, and the recipient of
the message can be authenticated by the message sender. The providers authenticate incoming messages
and return to their calling container the identity that is established as a result of the message
authentication.
JSR 196 defines a standard SPI, and standardizes how an authentication module is integrated into
Java EE containers. A message processing model and details of
a number of interaction points on the client and server are provided. A compatible web container
uses the SPI at these points to delegate the corresponding message security processing to a server
authentication module (SAM).
Liberty supports the use of third-party authentication providers that are compliant with the
servlet container that is specified in jaspic-1.1. The servlet container defines
interfaces that are used by the security runtime environment in collaboration with the web
container. These interfaces start authentication modules before and after a web request is
processed by an application. Authentication that uses JASPIC modules is used only when JASPIC is
enabled in the security configuration.
Procedure
- Create an OSGi Bundle Project to develop the Java class.
Your project might have compile errors. To fix these errors, you need to import two packages,
javax.security.auth.message and com.ibm.wsspi.security.jaspi. The Target Platform must be edited
to add the missing JARs: com.ibm.ws.security.jaspic from the <cics_install>/wlp/lib directory and
com.ibm.ws.javaee.jaspic.<version_number> from the <cics_install>/wlp/dev/api/spec directory.
FTP these to your development system and add them to the build path.
Edit the file MANIFEST.MF to import the missing packages.
Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: com.example.myjaspic.osgiBundle
Bundle-SymbolicName: com.example.myjaspic.osgiBundle
Bundle-Version: 1.0.0
Bundle-RequiredExecutionEnvironment: JavaSE-1.7
Import-Package: com.ibm.wsspi.security.jaspi;version="1.0.13",
 javax.security.auth.message;version="1.0.0",
 javax.security.auth.message.callback;version="1.0.0",
 javax.security.auth.message.config;version="1.0.0",
 javax.security.auth.message.module;version="1.0.0",
 javax.servlet;version="2.7.0",
 javax.servlet.http;version="2.7.0"
Service-Component: myjaspicExampleComponent.xml
An example of the service component XML, myjaspicExampleComponent.xml:
<?xml version="1.0" encoding="UTF-8"?>
<scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0" name="com.example.myjaspic.osgiBundle">
  <implementation class="com.example.myjaspic.osgiBundle.TestJASPICProviderService"/>
  <service>
    <provide interface="com.ibm.wsspi.security.jaspi.ProviderService"/>
  </service>
</scr:component>
- Create a Liberty Feature Project to add the previous OSGi bundle into the user Liberty feature,
under Subsystem-Content in the feature manifest file.
- Edit the feature manifest to add the necessary OSGi subsystem content:
com.ibm.websphere.appserver.jaspic-1.1; type="osgi.subsystem.feature".
Subsystem-ManifestVersion: 1.0
IBM-Feature-Version: 2
IBM-ShortName: jaspic11CICSLiberty-1.0
Subsystem-SymbolicName: com.example.myjaspic.libertyFeature;visibility:=public
Subsystem-Version: 1.0.0.201611081617
Subsystem-Type: osgi.subsystem.feature
Subsystem-Content: com.example.myjaspic.osgiBundle;version="1.0.0",
 com.ibm.websphere.appserver.jaspic-1.1;type="osgi.subsystem.feature",
 com.ibm.websphere.appserver.servlet-3.0;ibm.tolerates:="3.1";type="osgi.subsystem.feature"
Manifest-Version: 1.0
If you need to add one more Subsystem-Content entry, you must add at least one space before you
type the content. If you do not add a space, CICS® returns java.lang.IllegalArgumentException.
- Export the Liberty Feature Project as a Liberty Feature (ESA) file.
- FTP the ESA file to zFS.
- Use installUtility to install the ESA file.
./wlpenv installUtility install myFeature.esa
- Add the jaspic-1.1 feature and the ESA file containing the JASPIC provider as a user feature to
server.xml.
<feature>jaspic-1.1</feature>
<feature>usr:jaspic11CICSLiberty-1.0</feature>
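
The continuation-line rule from the feature manifest step can be checked on the development system before the ESA file is exported. The following Python check is an added example, not part of the IBM documentation or of any CICS or Liberty tool; its function names and the abridged sample manifest are constructed for illustration. It reports lines that are neither a header nor a space-indented continuation, and confirms that the jaspic-1.1 feature is listed in Subsystem-Content.

```python
import re

# Header lines start at column 0 as "Name: value"; continuation lines start with a space.
HEADER = re.compile(r"^([A-Za-z0-9][A-Za-z0-9_-]*): (.*)$")
# Split on commas that are not inside a quoted attribute value such as version="[1.0,2.0)".
ENTRY_SPLIT = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')

def parse_manifest(text):
    """Fold continuation lines; return (headers, [(line_no, message), ...])."""
    headers, errors, current = {}, [], None
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        match = HEADER.match(line)
        if line.startswith(" ") and current:
            headers[current] += line[1:]      # drop the single folding space
        elif match:
            current = match.group(1)
            headers[current] = match.group(2)
        else:
            errors.append((num, "neither a header nor a space-indented continuation"))
    return headers, errors

def check_feature_manifest(text, required=("com.ibm.websphere.appserver.jaspic-1.1",)):
    """Return a list of problems; an empty list means the manifest passed."""
    headers, errors = parse_manifest(text)
    problems = [f"line {n}: {msg}" for n, msg in errors]
    content = headers.get("Subsystem-Content", "")
    names = [e.split(";")[0].strip() for e in ENTRY_SPLIT.split(content) if e.strip()]
    problems += [f"Subsystem-Content lacks {r}" for r in required if r not in names]
    return problems

# Constructed sample: abridged from the feature manifest on this page.
GOOD = "\n".join([
    'IBM-ShortName: jaspic11CICSLiberty-1.0',
    'Subsystem-SymbolicName: com.example.myjaspic.libertyFeature;visibility:=public',
    'Subsystem-Type: osgi.subsystem.feature',
    'Subsystem-Content: com.example.myjaspic.osgiBundle;version="1.0.0",',
    ' com.ibm.websphere.appserver.jaspic-1.1;type="osgi.subsystem.feature",',
    ' com.ibm.websphere.appserver.servlet-3.0;ibm.tolerates:="3.1";type="osgi.subsystem.feature"',
])
# Same manifest with the leading space removed from the jaspic-1.1 line.
BAD = GOOD.replace("\n com.ibm.websphere.appserver.jaspic", "\ncom.ibm.websphere.appserver.jaspic")

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("bad", BAD)):
        print(label, check_feature_manifest(text) or "OK")
```

A continuation line that loses its leading space is dropped from Subsystem-Content, so the check reports both the malformed line and the missing jaspic-1.1 entry.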