Red Hat Training

A Red Hat training course is available for Red Hat JBoss Enterprise Application Platform

18.8. Java Authentication SPI for Containers (JASPI)

18.8.1. About Java Authentication SPI for Containers (JASPI) Security

Java Authentication SPI for Containers (JASPI or JASPIC) is a pluggable interface for Java applications. It is defined in JSR-196 of the Java Community Process. Refer to http://www.jcp.org/en/jsr/detail?id=196 for details about the specification.

18.8.2. Configure Java Authentication SPI for Containers (JASPI) Security

To authenticate against a JASPI provider, add a <authentication-jaspi> element to your security domain. The configuration is similar to a standard authentication module, but login module elements are enclosed in a <login-module-stack> element. The structure of the configuration is:

Example 18.55. Structure of the authentication-jaspi element

<authentication-jaspi>
	<login-module-stack name="...">
	  <login-module code="..." flag="...">
	    <module-option name="..." value="..."/>
	  </login-module>
	</login-module-stack>
	<auth-module code="..." login-module-stack-ref="...">
	  <module-option name="..." value="..."/>
	</auth-module>
</authentication-jaspi>

The login module itself is configured in exactly the same way as a standard authentication module.
Because the web-based management console does not expose the configuration of JASPI authentication modules, you need to stop JBoss EAP 6 completely before adding the configuration directly to EAP_HOME/domain/configuration/domain.xml or EAP_HOME/standalone/configuration/standalone.xml.