How to get weblogic to pick up jaas.config input module from internal ear file?

We have a custom login module (well, actually, several) for our application. We recently switched to Weblogic from OC4J, where we used this configuration in system-jazn-data.xml.

We have our authentication working correctly; however, in order to use the JAAS module, we need to configure a Java launch parameter pointing to the jaas.config file:

    -Djava.security.auth.login.config=/path/to/jaas.config

File contents:

    DatabaseAuthentication {
        uk.co.corelogic.framework.security.auth.module.RDBMSLoginModule optional debug=false;
    };

My question is, is there any other way to do this?

The problem is that I'm trying to remove any external dependencies from the ear of the application so that it can be deployed with the default setting without having to create files on the application server.

I looked everywhere, but all the instructions I found say to specify an external file. This is a terribly simple configuration bit - can it be placed in deployment descriptor files anywhere?

There are other things that I need to change, but they require separate questions :)

+4
1 answer

Well, I spent some time on this, and I think I have a decent solution. Instead of using the login.conf file and garbage -Dsecurity.auth.login.. you can create a configuration class containing the necessary information and pass it when creating the LoginContext. Here is a simple example of my class:

    import java.util.HashMap;
    import javax.security.auth.login.AppConfigurationEntry;

    public class MyAppLoginModuleConfig extends javax.security.auth.login.Configuration {

        private static final String APP_NAME = "MyApp";
        private static final String LOGIN_MODULE_CLASS = "com.myapp.security.MyLoginModule";

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // Constant-first comparison so a null name cannot raise a NullPointerException
            if (APP_NAME.equals(name)) {
                AppConfigurationEntry[] configArr = new AppConfigurationEntry[1];
                configArr[0] = new AppConfigurationEntry(
                        LOGIN_MODULE_CLASS,
                        AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, // or required, sufficient, etc
                        new HashMap<String, Object>()); // for any options you have, can't be null
                return configArr;
            }
            // something funky happened and we're trying to look up a different app
            throw new RuntimeException("Expected app: " + APP_NAME + ", but got: " + name);
        }
    }

And when you create your login context, pass it like this:

    Subject subject = null;
    Configuration myAppConfig = new MyAppLoginModuleConfig();
    LoginContext ctx = new LoginContext("MyApp", subject, callbackHandler, myAppConfig);
+2
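
An added example, not part of the question or the answer and not WebLogic's own code: the jaas.config file from the question can also be shipped inside the application and loaded through the JDK's `JavaLoginConfig` configuration type, so no `-D` launch parameter is needed. The resource path `META-INF/jaas.config` and the class name `BundledJaasConfig` are assumptions, as is the application classloader returning a URL that converts to a URI the JVM can open.

```java
import java.net.URISyntaxException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.URIParameter;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public final class BundledJaasConfig {
    // Assumed location of the packaged file on the application classpath.
    private static final String RESOURCE = "META-INF/jaas.config";
    // Entry name taken from the jaas.config shown in the question.
    private static final String ENTRY = "DatabaseAuthentication";

    /** Parses the packaged file and fails closed if the expected entry is absent. */
    static Configuration load(ClassLoader cl) throws LoginException {
        URL url = cl.getResource(RESOURCE);
        if (url == null) {
            throw new LoginException(RESOURCE + " not found on classpath");
        }
        try {
            Configuration cfg = Configuration.getInstance(
                    "JavaLoginConfig", new URIParameter(url.toURI()));
            AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(ENTRY);
            if (entries == null || entries.length == 0) {
                // Refuse to continue rather than authenticate with no modules.
                throw new LoginException("No '" + ENTRY + "' entry in " + url);
            }
            return cfg;
        } catch (URISyntaxException | NoSuchAlgorithmException e) {
            // getInstance reports parse and I/O failures as NoSuchAlgorithmException.
            LoginException le = new LoginException("Cannot load " + url);
            le.initCause(e);
            throw le;
        }
    }

    /** Authenticates against the packaged configuration only. */
    static Subject login(CallbackHandler handler) throws LoginException {
        Configuration cfg = load(BundledJaasConfig.class.getClassLoader());
        // An explicit Configuration means the JVM-wide login config is not consulted.
        LoginContext ctx = new LoginContext(ENTRY, null, handler, cfg);
        ctx.login();
        return ctx.getSubject();
    }
}
```

Because the file travels inside the archive, the module list and control flags are fixed at build time and should be reviewed like any other code change.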

Source: https://habr.com/ru/post/1402719/

