This rule flags <login-config> elements within web.xml files to alert you that you must configure security in your application.
You can secure applications by adding the users and groups you need to the default user registry and mapping roles to them.
On WebSphere Application Server traditional, you can manage the user registry from the administrative console by navigating to Users and Groups > Manage Users and Users and Groups > Manage Groups.
On Liberty, you can set up the user registry by configuring a basicRegistry element in the server.xml file.
Alternatively, you can set up a file-based registry, a Lightweight Directory Access Protocol (LDAP) registry, or a custom registry. You can also configure multiple security configurations for your environment by creating security domains.
For more information about securing applications running on WebSphere Application Server traditional and Liberty, see IBM WebSphere Application Server for Distributed Platforms, Version 8.5: Securing applications and their environment.
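The Liberty setup described above, as an added example that is not taken from the IBM documentation: a server.xml that defines a basicRegistry and maps the application's roles to its users and groups. The realm, user, group, role, and WAR file names are hypothetical, and the password values are placeholders.

```xml
<!-- Added example. All names below (realm, users, groups, roles, WAR) are hypothetical. -->
<server description="Migrated application with a basic user registry">

    <featureManager>
        <!-- appSecurity enables enforcement of the security constraints
             and the <login-config> declared in the application's web.xml -->
        <feature>appSecurity-2.0</feature>
        <feature>servlet-3.0</feature>
    </featureManager>

    <!-- Users and groups live in server.xml. Do not store clear-text
         passwords here: generate encoded values with the Liberty
         securityUtility encode command and paste them in place of
         the placeholders. -->
    <basicRegistry id="basic" realm="MigratedRealm">
        <user name="alice" password="REPLACE_WITH_ENCODED_PASSWORD"/>
        <user name="bob" password="REPLACE_WITH_ENCODED_PASSWORD"/>
        <group name="AppAdmins">
            <member name="alice"/>
        </group>
        <group name="AppUsers">
            <member name="alice"/>
            <member name="bob"/>
        </group>
    </basicRegistry>

    <!-- Each security-role name must match a <role-name> declared in the
         application's web.xml. A role with no binding grants access to
         nobody, so every role the application checks needs an entry. -->
    <application type="war" id="myapp" name="myapp" location="myapp.war">
        <application-bnd>
            <security-role name="admin">
                <group name="AppAdmins"/>
            </security-role>
            <security-role name="user">
                <group name="AppUsers"/>
            </security-role>
            <!-- Any authenticated user in the registry, without naming them -->
            <security-role name="viewer">
                <special-subject type="ALL_AUTHENTICATED_USERS"/>
            </security-role>
        </application-bnd>
    </application>

</server>
```

Keep the admin binding to the smallest group that needs it, and prefer group bindings over individual user bindings so that access changes are made in the registry rather than in the application binding.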
Your application might use Java Authentication and Authorization Service (JAAS) login modules. Check your Oracle WebLogic Server configuration to see whether the server uses login modules. If you are using login modules that are provided by Oracle WebLogic Server or that use proprietary APIs, then these modules need to be replaced and configured in WebSphere Application Server.
For information about configuring JAAS login modules on Liberty, see the following documentation:
For information about configuring JAAS login modules on WebSphere Application Server traditional, see the following documentation: