Hitachi

uCosminexus Application Server Security Management Guide


5.19.1 Creating jaas.conf

jaas.conf stores the login module names used by each application, the repository number specified in ua.conf (the LDAP directory server or RDB), and other information used by the user authentication or single sign-on library.


(1) Location

The jaas.conf location is as follows.

Overwrite this jaas.conf file or copy it to a new location. Specify the jaas.conf location in the Java VM properties at the time of startup. For details about setting the Java VM properties at the time of startup, see 5.20 Java VM property setup.

Change the jaas.conf access permission so that the Component Container administrators can reference the file. To learn more about setting the Component Container administrators, see 4.1.4 Notes on setting Component Container administrator (For UNIX) in the uCosminexus Application Server System Setup and Operation Guide.

(2) Specification

Specify the following information per application.

When the user authentication library is used to authenticate users:

Define WebPasswordLoginModule as the login module. In the WebPasswordLoginModule options, specify the LDAP number of the repository defined in ua.conf and the realm name.

To integrate WebPasswordLoginModule with custom login modules, define DelegationLoginModule as the login module and specify, in the DelegationLoginModule option, the name of the custom login module to be invoked.

When the single sign-on library is used to authenticate users:

Define WebSSOLoginModule as the login module. Assign the custom login module identifier and realm name defined in ua.conf to the WebSSOLoginModule options.

To learn more about the jaas.conf settings when using Active Directory as the LDAP directory server, see 5.16.4 Settings when using Active Directory.

For details about jaas.conf, see 14.2.1 jaas.conf (JAAS configuration file).
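As an added illustration that is not part of this guide, the following Python script parses the standard JAAS login-configuration syntax that jaas.conf uses (application name, then one or more `LoginModuleClass flag option=value ...;` entries) so that an administrator can list, per application, which login modules are configured and which option values they carry. The application names, login module class names and option keys in the embedded sample are constructed placeholders, not the product's real identifiers; take those from 14.2.1 jaas.conf (JAAS configuration file).

```python
import re

# Standard JAAS control flags (javax.security.auth.login.Configuration semantics).
FLAGS = {"required", "requisite", "sufficient", "optional"}

# Tokens: braces, ';', key=value (value optionally double-quoted), or a bare word.
_TOKEN = re.compile(r'\{|\}|;|[^\s{};"=]+=(?:"[^"]*"|[^\s{};"]*)|[^\s{};"]+')

# Constructed sample. Class names and option keys are placeholders, not the
# product's real identifiers (see the guide's jaas.conf reference for those).
SAMPLE = """
/* user authentication library: one LDAP repository per application */
WebApp1 {
    example.WebPasswordLoginModule required ldap.number=1 realm="Realm1";
};
WebApp2 {
    example.DelegationLoginModule required custom.module="example.MyLoginModule";
    example.WebPasswordLoginModule required ldap.number=2 realm=Realm2;
};
"""

def parse_jaas_conf(text):
    """Parse JAAS login-configuration syntax, App { Module flag key=value ...; };
    into {app: [{"module": ..., "flag": ..., "options": {...}}, ...]}."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # strip block comments
    text = re.sub(r"//[^\n]*", " ", text)                # strip line comments
    tok = _TOKEN.findall(text)
    apps, i = {}, 0
    while i < len(tok):
        app = tok[i]
        if i + 1 >= len(tok) or tok[i + 1] != "{":
            raise ValueError(f"expected '{{' after application name {app!r}")
        i, entries = i + 2, []
        while tok[i] != "}":
            module, flag = tok[i], tok[i + 1].lower()
            if flag not in FLAGS:
                raise ValueError(f"{app}: {module} has invalid flag {tok[i + 1]!r}")
            i, options = i + 2, {}
            while tok[i] != ";":                         # options run up to ';'
                key, _, value = tok[i].partition("=")
                options[key] = value.strip('"')
                i += 1
            entries.append({"module": module, "flag": flag, "options": options})
            i += 1
        if i + 1 >= len(tok) or tok[i + 1] != ";":
            raise ValueError(f"{app}: missing ';' after closing brace")
        apps[app], i = entries, i + 2
    return apps
```

Running `parse_jaas_conf(SAMPLE)` returns a dictionary keyed by application name, which makes it straightforward to report which repository number each application's password login module points at before and after a reload.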

(3) Reloading jaas.conf

jaas.conf can be reloaded without restarting the J2EE server by using the mngsvrutil command, a Management Server management command. This makes it possible, for example, to change the LDAP number used by a login module without a J2EE server restart.

To use the mngsvrutil command, Management Server must be running and configured appropriately.

The following figure shows the flow of reloading jaas.conf.

Figure 5‒25: Flow of reloading jaas.conf


For details about the mngsvrutil command, see mngsvrutil (Management Server management command) in the uCosminexus Application Server Command Reference Guide.