Custom JAAS LoginModule
Fortunately, LoginModule
uses a standard JAAS API and as such is well documented in many books and on the Internet. Here, we will write the simplest LoginModule
that solves our problem of validating the principals over a legacy external SSO system using the HTTP protocol. As a didactical support, we will also write in the log when the Security Services container will call our method so that we can figure out when and how many times they are called.
Keep in mind that LoginModule
is a stateful Bean; it must retain configuration data when it is initialized, and from the login callback state to the commit state (or abort or whatever) it must keep the state to answer in a correct and expected way.
Let's start with the definition; ...
Get Securing WebLogic Server 12c now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.