InfoCenter Home >
5: Securing applications -- special topics >
5.4: Overview: Using programmatic and custom logins >
5.4.2: Server-side login

5.4.2: Server-side login

Use a server-side login when a program needs to log users into the security domain and to use the authentication data itself. A client-side login collects the authentication data and sends it to another program for actual authentication; a server-side login does both tasks.

Server-side login works in the following manner:

  1. The user makes a request that triggers a servlet.
  2. The servlet presents the user with a login form for collecting authentication data. The user inserts his or her user ID and password into the form and submits it.
  3. The servlet presents the request to the server.
  4. The server processes the request, extracting the authentication data from the context and performing authentication.
  5. If the authentication was successful, the server grants the request. If the authentication fails, the server denies service.

The server programmer is responsible for writing the code to extract the authentication data, insert it into the CORBA data structures, and authenticate the user. WebSphere provides a utility class, the ServerSideAuthenticator class, that can be used to simplify the CORBA programming needed to do this kind of programmatic login. This class extends the LoginHelper class used for client-side login. The TestServer application illustrates the use of the ServerSideAuthenticator class.

Go to previous article: LoginHelper Go to next article: The TestServer

 

 
Go to previous article: LoginHelper Go to next article: The TestServer