Choosing the JAAS modules

In this recipe, we will see the available JAAS modules provided by GateIn and how to customize them. They are based on a simple approach, so if you are in a particular environment, you may need to create a new module or extend one of them, which is easy to do.

Getting ready

We are going to choose one of the available modules for JAAS:

  • Locate the login modules file at the following path: gatein.ear/META-INF/gatein-jboss-beans.xml
  • Locate the JAAS configuration file in your application server. See the previous two recipes, Securing with JBoss AS and Securing with Tomcat, for the locations of the JAAS configuration files.

How to do it…

Depending on your security requirements, you can choose the login modules required for your architecture.

How it works…

The complete list of all the JAAS modules provided by GateIn is as follows:

  • org.gatein.wci.security.WCILoginModule: A standard wrapper module used between Tomcat, JBoss, and Jetty. It's the default first module.
  • org.exoplatform.web.security.PortalLoginModule: Dedicated to refreshing the current authentication session. It can be used in a cluster environment.
  • org.exoplatform.services.security.jaas.SharedStateLoginModule: Keeps user credentials in the cache to avoid reauthentication requests when the session is closed.
  • org.exoplatform.services.security.jaas.DefaultLoginModule: This is a simple generic login module compliant with all application servers.
  • org.exoplatform.services.security.jaas.IdentitySetLoginModule: Stores the identity for the logged-in user in the default registry.
  • org.exoplatform.services.security.j2ee.JbossLoginModule: Adapts to the login and logout operations on JBoss. It must always be used as the last module in the JBoss authentication chain.
  • org.exoplatform.services.security.j2ee.JettyLoginModule: This is the base module for Jetty.
  • org.exoplatform.services.security.j2ee.TomcatLoginModule: This is the base module for Tomcat.
  • org.exoplatform.services.security.j2ee.DigestAuthenticationJbossLoginModule: The JBoss module for digest authentication.
  • org.exoplatform.services.security.j2ee.DigestAuthenticationJettyLoginModule: The Jetty module for digest authentication.
  • org.exoplatform.services.security.j2ee.DigestAuthenticationTomcatLoginModule: The Tomcat module for digest authentication.
  • org.exoplatform.services.organization.idm.CustomMembershipLoginModule: This login module can be used to add an authenticated user to a group after a successful login. For example, a user can be added as a member of the group /platform/users after the login process. The group name and membership type are configurable; if the configuration does not provide them, the defaults are member for the membership type and /platform/users for the group.

Note

This list gives only a minimal description of what each module does. If you need more details about the modules, consult the GateIn reference guide available at: http://docs.jboss.com/gatein/portal/latest/reference-guide/en-US/html/

All these modules use the Organization Service, which GateIn uses internally to manage users, groups, and membership information. The only exception is WCILoginModule, which is a wrapper dedicated to providing wide compatibility across application servers.

More information about the Organization Service is provided in the Assigning users to groups recipe in Chapter 4, Managing Portal Users.

There's more…

To implement your own JAAS module, take a look at the source code of the existing modules in your preferred Java IDE. The concrete class must implement the following Java interface:

javax.security.auth.spi.LoginModule

The methods of this interface that you need to implement are:

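public interface LoginModule {
  // arg0: the Subject being authenticated, arg1: the handler used to obtain
  // credentials, arg2: state shared between modules, arg3: this module's options
  public abstract void initialize(
    javax.security.auth.Subject arg0,
    javax.security.auth.callback.CallbackHandler arg1,
    java.util.Map<String, ?> arg2, java.util.Map<String, ?> arg3
  );
  public abstract boolean login() throws javax.security.auth.login.LoginException;
  public abstract boolean commit() throws javax.security.auth.login.LoginException;
  public abstract boolean logout() throws javax.security.auth.login.LoginException;
  public abstract boolean abort() throws javax.security.auth.login.LoginException;
}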

Once you have created your own module implementation, you only need to add it to the JAAS configuration file. See the previous two recipes, Securing with JBoss AS and Securing with Tomcat, for the locations of the JAAS configuration files.
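
The following base class is an added example, not code from this recipe or from GateIn, showing how the five interface methods cooperate in the JAAS two-phase flow: login() only validates, commit() attaches the principal, and abort() and logout() remove it again. The class name ExampleLoginModule and the verify() hook are hypothetical, and the lookup against your user store is assumed to live in a concrete subclass (Java 8 or later).

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example: ExampleLoginModule and verify() are hypothetical names, not GateIn code.
public abstract class ExampleLoginModule implements LoginModule {
  private Subject subject;
  private CallbackHandler handler;
  private Principal pending, committed; // pending: login() passed; committed: on the Subject
  public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
    subject = s; handler = h;
  }
  public boolean login() throws LoginException {
    if (handler == null) throw new LoginException("no CallbackHandler supplied");
    NameCallback name = new NameCallback("user: ");
    PasswordCallback pass = new PasswordCallback("password: ", false);
    try { handler.handle(new Callback[] { name, pass }); }
    catch (java.io.IOException | UnsupportedCallbackException e) { throw new LoginException("callback: " + e); }
    final String user = name.getName();
    char[] pw = pass.getPassword();  // a copy of the callback's buffer
    pass.clearPassword();
    boolean ok;
    try { ok = user != null && pw != null && verify(user, pw); }
    finally { if (pw != null) Arrays.fill(pw, '\0'); }  // wipe our copy on every path
    if (!ok) throw new FailedLoginException("authentication failed"); // same text for all causes
    pending = () -> user;  // Principal's only abstract method is getName()
    return true;           // nothing is attached to the Subject until commit()
  }
  public boolean commit() {
    if (pending == null) return false;  // our login() failed: tell JAAS to ignore this module
    subject.getPrincipals().add(committed = pending);
    pending = null;
    return true;
  }
  public boolean abort() {
    if (pending == null && committed == null) return false;  // our login() never succeeded
    pending = null;
    return logout();  // undo a commit() that ran before another module failed
  }
  public boolean logout() {
    if (committed != null) subject.getPrincipals().remove(committed);
    committed = null;
    return true;
  }
  // Assumption: the concrete subclass checks the credentials against your user store.
  protected abstract boolean verify(String user, char[] password);
}
```

JAAS instantiates login modules through a public no-argument constructor, so the class you name in the JAAS configuration file is the concrete subclass, not this abstract base.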

See also

  • The Securing portals recipe
  • The Security with Tomcat recipe
  • The Security with JBoss AS recipe