10.1. JAAS Realm configuration

eXo Platform relies on JAAS to propagate the user identity and roles to the different applications deployed on the server. The JAAS realm is used by all eXo Platform applications and is even propagated to the JCR for access control. Therefore, a change to the JAAS configuration has a wide impact, and it may require you to unpack and modify some .war files.

This section explains:

What is JAAS Realm?

The JAAS configuration requires a login.config file. This file contains one or more entries, each of which is called a "Realm". Each entry declares a Realm name and at least one login module. Each login module consists of a Java class and some parameters that the class defines.

Below is the default Realm in the Tomcat bundle. In JBoss it looks different, but the explanation applies to both.

gatein-domain {
  org.gatein.sso.integration.SSODelegateLoginModule required
    enabled="#{gatein.sso.login.module.enabled}"
    delegateClassName="#{gatein.sso.login.module.class}"
    portalContainerName=portal
    realmName=gatein-domain
    password-stacking=useFirstPass;
  org.exoplatform.services.security.j2ee.TomcatLoginModule required
    portalContainerName=portal
    realmName=gatein-domain;
};

In which:

Declaring JAAS Realm in eXo Platform

In the Tomcat bundle

In the JBoss package

List of applications using Realm

If an application (.war) uses the Realm for authentication and authorization, it will refer to the Realm name with either of the following lines.

As mentioned above, if you change "gatein-domain", you need to re-configure all the applications that use the Realm to refer to the new Realm. Here is the list of webapps and the files you need to re-configure:

In the Tomcat bundle:

Note

The .war files are located under the $PLATFORM_TOMCAT_HOME/webapps folder.

In the JBoss package:

Note

The .war files are located under the $PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear folder.
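When the Realm is renamed as described above, the realmName options inside login.config itself are easy to overlook. The following Python script is an added example, not part of the eXo documentation: it parses a login.config entry (Realm name, login module class, control flag, options) and reports modules whose realmName differs from the entry name. It assumes realmName should equal the entry name, as it does in the default file; the name my-domain and both function names are hypothetical.

```python
import re

# Constructed sample: the default Tomcat Realm from this page, renamed to
# "my-domain" with the second module's realmName deliberately left stale.
SAMPLE = """
my-domain {
  org.gatein.sso.integration.SSODelegateLoginModule required
    enabled="#{gatein.sso.login.module.enabled}"
    delegateClassName="#{gatein.sso.login.module.class}"
    portalContainerName=portal
    realmName=my-domain
    password-stacking=useFirstPass;
  org.exoplatform.services.security.j2ee.TomcatLoginModule required
    portalContainerName=portal
    realmName=gatein-domain;
};
"""

# Tokens: comments (unnamed, skipped), quoted strings, punctuation, bare words.
TOKEN = re.compile(r'//[^\n]*|/\*.*?\*/|(?P<str>"[^"]*")|(?P<punct>[{};=])'
                   r'|(?P<word>[^\s{};="]+)', re.S)
FLAGS = {"required", "requisite", "sufficient", "optional"}  # JAAS control flags

def parse_login_config(text):
    """Return {realm: [(module_class, control_flag, {option: value}), ...]}."""
    toks = [(m.lastgroup, m.group().strip('"'))
            for m in TOKEN.finditer(text) if m.lastgroup]
    realms, i = {}, 0
    while i < len(toks):
        name = toks[i][1]
        if toks[i + 1] != ("punct", "{"):
            raise ValueError(f"expected '{{' after realm name {name!r}")
        i, modules = i + 2, []
        while toks[i] != ("punct", "}"):
            cls, flag = toks[i][1], toks[i + 1][1]
            if flag.lower() not in FLAGS:
                raise ValueError(f"{name}: bad control flag {flag!r} for {cls}")
            i, opts = i + 2, {}
            while toks[i] != ("punct", ";"):   # option tokens: key, "=", value
                opts[toks[i][1]] = toks[i + 2][1]
                i += 3
            modules.append((cls, flag, opts))
            i += 1                             # skip the module's ";"
        realms[name] = modules
        i += 2                                 # skip the entry's "}" and ";"
    return realms

def stale_realm_names(realms):
    """List (entry, module_class, realmName) where realmName != entry name."""
    return [(name, cls, opts["realmName"]) for name, mods in realms.items()
            for cls, _flag, opts in mods if opts.get("realmName", name) != name]
```

Running stale_realm_names(parse_login_config(SAMPLE)) on the constructed sample returns the TomcatLoginModule line that still carries gatein-domain.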

See also

Copyright ©. All rights reserved. eXo Platform SAS