Some external user client applications require no user authentication and hence a username and password should not be requested. It is not possible to disable authentication in IBM Cúram Social Program Management, so the best way to achieve this requirement is to write an automatic login script.
The automatic login script takes a hard coded username and password and provides that as the authentication information when requested. This means that all users for such an application will always execute under the same username. Use of such a script should be limited to true open access applications.
When implementing applications that have a need for an automatic login, the implications for session management must be considered. Session management in IBM Cúram Social Program Managementmaintains a user's session information to ensure when the user logs back in, the relevant session information, i.e., their tabs and navigation opens to where they left off for them. In the case of a user that has been automatically logged in, this information must not be maintained, therefore session management may need to be turned off in this scenario. The Cúram Web Client Reference Manual should be referenced for further details on how to turn this off.
The following are examples of automatic login and logout JSP scripts.
<?xml version="1.0" encoding="UTF-8"?> <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:prefix="URI" version="2.0"> <jsp:directive.page buffer="32kb" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" /> <jsp:text> <![CDATA[ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">]]> </jsp:text> <!-- Automatic redirect to login security check of user details specified below --> <html> <head> <script type="text/javascript"> function autoSubmit() { document.getElementById("loginform").submit(); } </script> <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> </head> <body class="logonBody" style="visibility: hidden;" onload="autoSubmit()"> <form id="loginform" name="loginform" action="j_security_check" method="post"> <input type="hidden" name="j_username" value="generalpublic" /> <input type="hidden" name="j_password" value="password" /> <input type="hidden" name="user_type" value="EXTERNAL" /> </form> </body> </html> </jsp:root>
<?xml version="1.0" encoding="UTF-8"?> <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:prefix="URI" version="2.0"> <jsp:directive.page buffer="32kb" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" /> <jsp:text> <![CDATA[ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">]]> </jsp:text> <html> <head> <script type="text/javascript"> function autoSubmit() { document.getElementById("logout").submit(); } </script> <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> </head> <body class="logoutBody" style="visibility: hidden;" onload="autoSubmit()"> <form id="logout" name="logout" action="servlet/ApplicationController" method="post"> <input type="submit" name="j_logout" value="Log Out" /> <input type="hidden" name="logoutExitPage" value="redirect.jsp" /> </form> </body> </html> </jsp:root>