- SiteVision 2.6
- | SiteVision 2.6
- | Developer guide
- | Custom JAAS modules
Custom JAAS modules and filters
JAAS (Java Authentication and Authorization Service) is a standardized Java security framework for user-centric security.
Your JAAS plugin must implement the class javax.security.auth.spi.LoginModule and be packed in a jar. The jar must contain a manifest that describes that it is:
SiteVision uses JAAS for authentication and the configuration is located centrally on the Site properties beneath Security -> Authentication Configuration. As a developer, you can write your custom JAAS plugin modules and utilize them in SiteVision.
Implementation
Your JAAS plugin must implement the class javax.security.auth.spi.LoginModule and be packed in a jar. The jar must contain a manifest that describes that it is:
a) a login module:
Name: YourClass
Login-Module: true
Login-Module: true
and/or
b) a login filter:
Name: YourClass
Login-Filter: true
Login-Filter: true
A full example of a manifest file that describes a JAAS module in class se.myorg.security.jaas.MyJaasModule should look like this (note empty lines):
Manifest-Version: 1.0
Name: se.myorg.security.jaas.MyJaasModule
Login-Module: true
Sitevision specific callbacks are available in the public API jar file. More information on how to retireve the jar file can be found here.
In order for SiteVision to detect your JAAS plugin your jar file must be placed in the custom/lib folder.
A comprehensive example of a custom JAAS module is available here
Deployment
In order for SiteVision to detect your JAAS plugin your jar file must be placed in the custom/lib folder.
The next time SiteVision is restarted, the JAAS plugin will be detected and can be configured as any other JAAS plugin found on the tab Authentication configuration beneath Site properties.
Examples
A comprehensive example of a custom JAAS module is available here
help-cluster-2.sitevision.net