JBoss.orgCommunity Documentation

Tomcat

In the Tomcat bundle, the JAAS configuration is controled by the $TOMCAT_HOME/conf/jaas.conf:

gatein-domain {
  org.gatein.wci.security.WCILoginModule optional;
  org.exoplatform.services.security.jaas.SharedStateLoginModule required;
  org.exoplatform.services.security.j2ee.TomcatLoginModule required; 
};

Replace gatein-domain with your own domain name.

Note

The PortalLoginModule module was designed to support the 'Remember me' feature. The password wrapped in PasswordCallback is the cookie token key. The PortalLoginModule module uses the token key to retrieve Credential object from CookieTokenService, then injects the correct username/password into the shared state (accessible from subsequent login modules). For the moment, to keep the authentication work properly, the PortalLoginModule module is mandatory. On the other hand, to ensure that correct password is visible to other login modules, it should be the first one in the JAAS configuration file. The custom login module could retrieve the real password through the shared state instead of PasswordCallback.

Tip

To learn more about the syntax, or realms in Tomcat, refer to the JAAS tutorial or Tomcat Realm How-To respectively.

For JBoss, you need to edit the default JAAS security domain in the 02portal.war!WEB-INF/jboss-web.xml file.




<jboss-web>

  <security-domain>java:/jaas/gatein-domain</security-domain>

</jboss-web>

Additionally, you need to edit the application-policy to match the security-domain in the gatein.ear!META-INF/gatein-jboss-beans.xml.




<deployment xmlns="urn:jboss:bean-deployer:2.0">

  <application-policy xmlns="urn:jboss:security-beans:1.0" name="gatein-domain">

    <authentication>

      <login-module code="org.exoplatform.web.security.PortalLoginModule" flag="required">

        <module-option name="portalContainerName">portal</module-option>

        <module-option name="realmName">gatein-domain</module-option>

      </login-module>

      <login-module code="org.exoplatform.services.security.jaas.SharedStateLoginModule" flag="required">

        <module-option name="portalContainerName">portal</module-option>

        <module-option name="realmName">gatein-domain</module-option>

      </login-module>

      <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">

        <module-option name="portalContainerName">portal</module-option>

        <module-option name="realmName">gatein-domain</module-option>

      </login-module>

    </authentication>

  </application-policy>

</deployment> 

Tip

To learn more about the JBoss security configuration, refer to JBoss Web Docs.