JAAS in EAServer

Over time, you may need to modify or replace authentication infrastructure due to deficiencies, enhancements, or applications requiring a different security policy. EAServer support for JAAS login modules simplifies replacement and modification of the underlying authentication mechanism.

Configure server-wide login modules that are used to authenticate clients trying to gain access to applications, Web applications, and servlets/JSPs. Figure 11-1 illustrates how JAAS is enabled on EAServer. The com.sybase.jaguar.server.jaas.config server property (defined in EAServer Manager) points to the JAAS configuration file, which determines the login module to use for a specific server. The configuration file requires a section specified by the server property com.sybase.jaguar.server.jaas.section. If you do not set this property, the section name must match the server name.

Based on the contents of the configuration file, EAServer invokes any specified login modules. If a login module is not defined, then JAAS is bypassed and the server uses the regular mechanism, if any, for authentication. For example, if credentials are passed to a server and no login module is defined, the server uses operating system authentication, if enabled.

If a login module is defined, it overrides any other authentication service that may be installed, and the server passes the authentication request to the login module.
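The section lookup and bypass rules described above can be checked offline against a configuration file. The following is an added example, not code from EAServer or Sybase: it parses a JAAS configuration and reports which section and login modules a server would use. The server names, section names, and `com.example.auth` classes are constructed, and exact (case-sensitive) section matching is an assumption.

```python
import re

SECTION_PROP = "com.sybase.jaguar.server.jaas.section"  # property named on the page
FLAGS = {"required", "requisite", "sufficient", "optional"}  # standard JAAS control flags
ENTRY = re.compile(r"([\w.$-]+)\s*\{(.*?)\}\s*;", re.S)

# Constructed sample configuration; module classes are hypothetical.
SAMPLE_CONFIG = """
// server-wide login modules
Jaguar {
    com.example.auth.LdapLoginModule required debug="true";
};
/* section selected explicitly through the section property */
PayrollAuth {
    com.example.auth.CertLoginModule sufficient;
    com.example.auth.LdapLoginModule required;
};
"""

def parse_jaas_config(text):
    """Return {section: [(module_class, control_flag), ...]}.
    Handles the common layout only: no ';' or '}' inside quoted option values."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)      # block comments
    text = re.sub(r"(?m)^\s*//.*$", "", text)              # whole-line comments
    sections = {}
    for name, body in ENTRY.findall(text):
        modules = []
        for stmt in body.split(";"):
            parts = stmt.split()
            if len(parts) >= 2 and parts[1].lower() in FLAGS:
                modules.append((parts[0], parts[1].lower()))
        sections[name] = modules
    return sections

def resolve_login(server_name, server_props, jaas_text):
    """Apply the page's rules: the section property wins, otherwise the section
    must be named after the server; no modules means JAAS is bypassed."""
    section = server_props.get(SECTION_PROP) or server_name
    # Assumption: section names are matched exactly (case-sensitive).
    modules = parse_jaas_config(jaas_text).get(section, [])
    return {"section": section, "modules": modules, "jaas_bypassed": not modules}

if __name__ == "__main__":
    for name, props in [("Jaguar", {}), ("Payroll", {}),
                        ("Payroll", {SECTION_PROP: "PayrollAuth"})]:
        print(name, props, "->", resolve_login(name, props, SAMPLE_CONFIG))
```

A `jaas_bypassed` result of `True` means the server would fall back to its regular authentication mechanism, so a mismatched section name is worth flagging during configuration review.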

Figure 11-1: EAServer login design