This document shows how to develop new login modules based on Security Infrastructure.
The information is useful for creating new login modules by adapting the pre-defined modules configurations.
The document details ways of writing basic
LoginModules
and lists possible scenarios for using SIN
security components.
The information is organized under the following topics:
The information in this section will help you to develop your own login modules.
All LoginModules
must extend the
SagAbstractLoginModule
.
This class is an abstract superclass for all SIN
LoginModules
. It handles the retrieval of credentials
for all derived classes and the handling of the inter-LoginModule SSO. Derived
classes have to implement initConfiguration ()
and
authenticate ()
. Check the Javadoc for details.
Important:
When you extend the
SagAbstractLoginModule
, do not overwrite the
initialized ()
method. If you need to overwrite it,
for example when you use a new Callback and CallbackHandler, invoke explicitly
the super.initialize ()
method instead. This prevents
the failure of other SIN-based login modules.
To write a LoginModule
using
SagAbstractLoginModule
Define the parameters for the new module.
Extend SagAbstracLoginModule
with main focus
on the implementation of initConfiguration ()
and
authenticate ()
. The first method gets the incoming
parameters from the JAAS configuration file in the following way:
String optionValue = (String) options.get(OPTION_VALUE);
The second method takes care of the actual authentication of the
user. It is called by the login ()
method from the
SagAbstracLoginModule
. You can modify the user
credentials according to the inter-LoginModule SSO.
If you want to implement other methods from the
SagAbstracLoginModule
(logout(), commit(), etc.), it is
a good idea to invoke the super method from the parent class at the end.
See Common Security Scenarios
for ways of using
SIN with products from the webMethods suite.
SIN functionality covers the existing user scenarios for the webMethods Suite for authentication of users, management of roles, and query of user, role, and group information. The login modules are used for different authentication methods. If you configure them according to your environment requirements, you can implement the desired authentication process for your product.