jaasTest{ org.mule.module.jaas.loginmodule.DefaultLoginModule required credentials="anon:anon;Marie.Rizzo:dragon;"};
Jaas Security
The JaasSimpleAuthenticationProvider is a security provider that provides a way to interact with the Jaas Authentication Service.
The security provider for Jaas can be configured in a couple of different ways. It allows you to configure Jaas either by passing to the provider a Jaas configuration file or by passing the required attributes directly to the JaasSimpleAuthenticationProvider
. These two configuration methods are described below.
Using the Jaas Configuration File
Usually, JAAS authentication is performed in a pluggable fashion, so applications can remain independent from underlying authentication technologies.
The above example was saved in a file called jaas.conf
. This file contains just one entry called com.ss.jaasTest
, which is where the application we want to protect can be found. The entry specifies the login module that’s used to authenticate the user. As a login module, you can either use Mule’s DefaultLoginModule
, one of the login modules that come with Sun, or else create your own. In this case, we have opted for Mule’s DefaultLoginModule
.
The required
flag that follows the login module specifies that the login module must succeed for the authentication to be considered successful. Additional flags are:
Required - The login module is required to succeed. If it succeeds or fails, authentication still continues to proceed down the login module list.
Requisite - The login module is required to succeed. If it succeeds, authentication continues down the login module list. If it fails, control immediately returns to the application.
Sufficient - The login module is not required to succeed. If it does succeed, control immediately returns to the application (authentication does not proceed down the login module list). If it fails, authentication continues down the login module list.
Optional - The login module is not required to succeed. If it succeeds or fails, authentication still continues to proceed down the login module list.
The entry also specifies the credentials, in which we put a string of authorized users together with their passwords. The credentials are put here only when the DefaultLoginModule
is going to be used, as the method in which the user names and passwords are obtained may vary from one login module to another.
The format of the credentials string must adhere to the following format if the DefaultLoginModule
is going to be used:
<username>:<password>;
Configuring the Provider in the Mule Configuration File
<mule xmlns="http://www.mulesource.org/schema/mule/core/3.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaas="http://www.mulesource.org/schema/mule/jaas/3.2" ...cut... <jaas:security-manager> <jaas:security-provider name="jaasSecurityProvider" loginContextName="jaasTest" loginConfig="jaas.conf"/> </jaas:security-manager>
Note that in the above, the loginContextName
contains the same name of the entry as in the Jaas configuration file. This name is used for creating the login context as well as to find the complete URL of the jaas.conf
file.
Passing the Credentials Directly to the Provider
The second option for the configuration of the JaasSimpleAuthenticationProvider
is to pass the configuration details that would otherwise be found in the Jaas configuration file directly to the provider.
<jaas:security-manager> <jaas:security-provider name="jaasSecurityProvider" loginContextName="jaasTest" credentials="anon:anon;Marie.Rizzo:dragon;"/></jaas:security-manager>
In the above configuration, note that we removed the property loginConfig
and don’t need to pass any Jaas configuration file. Instead, we simply pass the credentials to the provider (using the same format as specified above). Since no login module is specified, the DefaultLoginModule
is used.
Passing a Non-default Login Module
The third option is to enter your own login module.
<jaas:security-manager> <jaas:security-provider name="jaasSecurityProvider" loginContextName="jaasTest" loginModule="com.sun.security.auth.module.NTLoginModule"/></jaas:security-manager>
In the above configuration, we have added the loginModule
property, which allows you to specify the login module you want to use to authenticate the user. Since the NTLoginModule
does not require you to input a list of accepted usernames and passwords, the property for the credentials
was removed.
Configuring the Security Filter on an Endpoint
You can use JaasSecurityFilter
as a security filter, as follows:
<inbound> <inbound-endpoint address="vm://test"> <jaas:jaas-security-filter/> </inbound-endpoint></inbound>
Security manager
This is the security provider type that is used to configure JAAS related functionality.