InfoCenter Home >
5: Securing applications -- special topics >
5.4: Overview: Using programmatic and custom logins >
5.4.3: Form-based login >
5.4.3.3: The SSOAuthenticator class
The SSOAuthenticator class is a WebSphere-provided utility class that
can be used by servlet developers to write custom-login servlets.
The following list summarizes the public methods in the
SSOAuthenticator class. The class files is installed at
<installation_root>/servlets/SSOAuthenticator.class .
- SSOAuthenticator()
- The constructor creates an SSOAuthenticator object and initializes
it based on the SSO configuration within WebSphere Application Server.
The folliwing conditions must be met for successful construction:
- WebSphere security is enabled
- LTPA is selected as the authentication mechanism
- Single Sign-On (SSO) is enabled
Syntax:
SSOAuthenticator() throws IllegalStateException
- login()
- These methods create an LPTA cookie and set the cookie on the
HTTP response header. The first method
takes a boolean argument, force_auth, whose value determines if
the user (based on the identifier and password) is authenticated.
If force_auth is TRUE, authentication occurs; if not, only the
identifier and password are used in the cookie.
The second login method does not take the force_auth argument.
It always attempts authentication and is equivalent to calling
the first with the force_auth argument set to TRUE.
Both methods return CORBA security credentials.
Syntax:
org.omg.SecurityLevel2.Credentials login(String userID, String password,
HttpServletRequest req,
HttpServletResponse res
boolean force_auth)
throws org.omg.SecurityLevel2.LoginFailed
org.omg.SecurityLevel2.Credentials login(String userID, String password,
HttpServletRequest req,
HttpServletResponse res)
throws org.omg.SecurityLevel2.LoginFailed
- logout()
- This method logs the user out. After this method runs, the user
must be authenticated again before making any additional requests.
Syntax:
void logout(HttpServletRequest req, HttpServletResponse res)
|
|