Creating a Sign-In Policy

NOTE  Most of the information provided in this section applies only when Workplace is configured for application-managed authentication. Developers should keep this applicability in mind when using the material presented in this section.

The Toolkit provides a default sign-in policy implementation. It uses the Content Engine to validate credentials, and persists credentials required for Content Engine and Process Engine access.

The Toolkit includes a sign-in policy interface definition for creating your own sign-in implementation. You may want to create your own implementation to:

This topic describes the default sign-in policy implementation provided in the Toolkit. It also outlines the requirements for creating a new sign-in policy implementation.

Default Implementation

The steps and diagram below summarize the default sign-in policy implementation when Workplace is configured for application-managed authentication.

When the user submits a sign-in form:

  1. WcmController's handleEvent( ) method is called.
  2. WcmController dispatches the SignIn event to WcmSignInModule.
  3. WcmSignInModule calls WcmSignInProcess.signIn(...).
  4. WcmSignInProcess.signIn(...) calls the signInViaToken(...) method, which passes credentials with a token. This method executes the 3.x Toolkit sign-in behavior (the Toolkit's default configuration).

    If you configure your application to use the 2.x Toolkit behavior, WcmSignInProcess.signIn(...) calls either the signInLocal(...) method to set credentials for a local session, or the signInRemote(...) method to set credentials for an SSL-enabled session.

    Use of 2.x or 3.x sign-in behavior is specified in the internalTokensEnabled setting.

  5. WcmSignInProcess.signIn(...) returns the destination page to WcmSignInModule.
  6. WcmSignInModule passes the destination page to the WcmController's sendRedirect method.
  7. WcmController.sendRedirect( ) sends a client-side redirect to the HTML browser.

[Diagram: default sign-in policy implementation]

signInViaToken Method

The steps and diagram below summarize how credentials are passed with an internal token (not to be confused with a user token), either for a local session or for a remote session in a Toolkit-based application. This method is used when your application is configured to use the 3.x Toolkit sign-in behavior.

  1. WcmSignInProcess.signInViaToken(...) is called.
  2. If the session is local, the method calls the InternalTokenPolicy.SignInViaToken(...) method to get and return the token.

    OR

    If the session is remote, the method calls WcmCredentialsServlet.getInternalTokenRequestURL(...), a static utility method that constructs and returns a URL to access the credentials servlet.

  3. If the session is remote, the returned URL is passed to WcmHTTPUtil.sendHTTPCredentialsRequest(...), which performs a post request based on the URL string, then returns the status of the operation.

[Diagram: passing credentials with a token]

signInLocal Method

The steps and diagram below summarize how credentials are set for a local session in an application configured to use the 2.x Toolkit sign-in behavior.

  1. WcmSignInProcess.signInLocal(...) is called.
  2. The signInLocal(...) method calls the controller's getSignInPolicy(...) method, which returns the WcmSignInPolicy object -- the singleton instance of WcmSignInPolicyInterface.
  3. The signInLocal(...) method calls WcmSignInPolicy.setCredentials(...).
  4. The WcmSignInPolicy.setCredentials( ) method does the following:
  5. WcmSignInPolicy returns the destination page to WcmSignInProcess.signInLocal(...).

[Diagram: 2.x Toolkit sign-in behavior (non-SSL)]

signInRemote Method

The steps and diagram below summarize how credentials are set for an SSL-enabled session in an application configured to use the 2.x Toolkit sign-in behavior.

  1. WcmSignInProcess.signInRemote(...) is called.
  2. The signInRemote(...) method calls WcmCredentialsServlet.getCredentialsRequestURL(...), a static utility method that constructs a URL to access the credentials servlet.

    The method sets the credentials remotely or locally, depending on whether the SSL-enabled server is local or remote. If the server is local, the method calls into WcmServerCredentials.getSessionToken, a static method that returns a user token, which is included in the URL.

  3. WcmCredentialsServlet.getCredentialsRequestURL(...) returns the URL.
  4. The returned URL is passed to WcmHTTPUtil.sendHTTPCredentialsRequest(...), which performs a post request based on the URL string.
  5. The sendHTTPCredentialsRequest method returns the status of the operation.

[Diagram: 2.x Toolkit sign-in behavior (SSL-enabled)]
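
The URL built for the credentials servlet can include a user token (step 2 above), and the signInViaToken remote path also hands a credentials-servlet URL to WcmHTTPUtil.sendHTTPCredentialsRequest(...), so any logging of that URL should mask the sensitive values first. The following is an added example, not Toolkit code; the class name, parameter names and sample URLs are assumptions, because this topic does not list the servlet's actual parameters.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;
import java.util.StringJoiner;

public class CredentialUrlRedactor {

    // Hypothetical parameter names (lower case); this topic does not list the real ones.
    static final Set<String> SENSITIVE = Set.of("token", "usertoken", "password");

    /** Returns the URL with the values of sensitive query parameters masked. */
    static String redact(String url) {
        int q = url.indexOf('?');
        if (q < 0) return url;                         // no query string, nothing to mask
        int hash = url.indexOf('#', q);
        int end = hash < 0 ? url.length() : hash;      // keep any fragment untouched
        StringJoiner query = new StringJoiner("&");
        for (String pair : url.substring(q + 1, end).split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            query.add(eq >= 0 && isSensitive(name) ? name + "=***" : pair);
        }
        return url.substring(0, q + 1) + query + url.substring(end);
    }

    // Decode the name first so an escaped spelling such as "%74oken" is still matched.
    static boolean isSensitive(String rawName) {
        try {
            String name = URLDecoder.decode(rawName, StandardCharsets.UTF_8);
            return SENSITIVE.contains(name.toLowerCase(Locale.ROOT));
        } catch (IllegalArgumentException malformedEscape) {
            return true;                               // cannot parse the name: mask to be safe
        }
    }

    public static void main(String[] args) {
        // Constructed sample URLs; host, path and parameter names are placeholders.
        String[] samples = {
            "https://workplace.example.test/credentials?userToken=abc123&op=set",
            "https://workplace.example.test/credentials?%74oken=abc123#frag",
            "https://workplace.example.test/credentials"
        };
        for (String s : samples) {
            System.out.println(redact(s));
        }
    }
}
```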

Creating a New Implementation

The following steps show you how to implement a sign-in policy and a user-token policy in one class, which is how the Toolkit's default sign-in policy is implemented. Implementing the two interfaces in one class is not a requirement, however. This implementation may be used when Workplace employs either application-managed or container-managed authentication.

  1. Implement the following methods in WcmSignInPolicyInterface:
  2. If you're using ConfigurableController, set the signInPolicy option in Workplace/WEB-INF/p8controller.xml.

    OR

    If you're implementing your own application controller based on the abstract WcmController class, override the getSignInPolicy( ) method. This is a singleton factory method, implemented in WcmController. For example:

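    public WcmSignInPolicyInterface getSignInPolicy() throws Exception
    {
       // Create the sign-in policy on first use; later calls return the same instance.
       if ( signInPolicy == null )
       {
          String guestUser = null;
          // SSL settings are read from the bootstrap configuration.
          WcmSSLInfo ssl = new WcmSSLInfo(bootstrap.getSSLInfo(), dataStore);

          // A guest account is passed to the policy only when guest access is allowed.
          if ( bootstrap.getAllowGuest() )
             guestUser = bootstrap.getGuestUser();

          // The bootstrap page is supplied only while bootstrapping is still required.
          signInPolicy = new WcmSignInPolicy(
                            this, ssl.getProtocol(), ssl.getSslHostDecoded(), guestUser, null,
                            (isBootstrapRequired() ? getBootstrapPage() : null) );
       }

       return( signInPolicy );
    }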

See Also
ConfigurableController Preferences
Implementing a Controller
User Tokens in the Workplace Customization Guide