JDBCLoginModule
Authenticate Users with Jetty JAAS JDBCLoginModule
Configure kPow to read authentication and role information from a database via JDBC.
In Depth: For specifics on JAAS / JSBC configuration see the Jetty JDBCLoginModule docs.

Form or Basic Authentication?

kPow supports both form-based and basic authentication.
Form authentication is the default. To basic authentication, set the environment variable:
1
JETTY_AUTH_METHOD=basic
Copied!

Configuration

To enable LdapLoginModule authentication you must:
  • Create a JAAS configuration file
  • Set the AUTH_PROVIDER_TYPE=jetty environment variable.
  • Start the JAR or Docker container with -Djava.security.auth.login.config=/path/to/jaas.conf

JAAS Configuration

Create a JAAS JDBC configuration file (the kpow realm is very important).
1
kpow {
2
org.eclipse.jetty.jaas.spi.JDBCLoginModule required
3
dbUrl="jdbc:hsqldb:."
4
dbUserName="sa"
5
dbDriver="org.hsqldb.jdbcDriver"
6
userTable="myusers"
7
userField="myuser"
8
credentialField="mypassword"
9
userRoleTable="myuserroles"
10
userRoleUserField="myuser"
11
userRoleRoleField="myrole";
12
};
Copied!

Environment Configuration

To activate Jetty JAAS authentication set the environment variable AUTH_PROVIDER_TYPE=jetty

JAR Startup

Specify the JAAS config file by setting the following system property when starting the JAR:
-Djava.security.auth.login.config=/path/to/jaas.conf
Note: System properties must come after java but before -jar.
1
AUTH_PROVIDER_TYPE=jetty \
2
<... more env vars ...> \
3
java -Djava.security.auth.login.config=/opt/kpow/jaas.conf -jar /opt/kpow/latest.jar
Copied!

Docker Container Startup

Note: The JVM provides an environment variable called JAVA_TOOL_OPTIONS that can be used in place of system properties. We use this the thread the JAAS config to Docker.
Set the env var JAVA_TOOL_OPTIONS=-Djava.security.auth.login.config=/path/to/jaas.conf
Note: When your JAAS config is on the host machine and not within the container you will need to configure a docker volume mount so that kPow can read that configuration:
docker run --volume="/config/path:/config/path/" -p 3000:3000 --env-file ...
When starting the docker container you will see logging output similar to:
1
Picked up JAVA_TOOL_OPTIONS: -Djava.security.auth.login.config=/path/to/jaas.conf
Copied!

User Experience

When configured your users will be prompted to authenticate on each new browser session.
Last modified 1yr ago