InfoCenter Home >
5: Securing applications -- special topics >
5.4: Overview: Using programmatic and custom logins >
5.4.3: Form-based login

5.4.3: Form-based login

Applications can present site-specific login forms by making use of WebSphere's custom challenge type. A custom challenge works in the following manner:

  1. An unauthenticated user attempts to use a resource secured with a custom challenge.
  2. The user is redirected to the LoginURL, which takes the user to an HTML form that collects authentication information.
  3. The user inserts his or her user ID and password into the form and submits it.
  4. The submission triggers a servlet that authenticates the user.

WebSphere provides two servlets that can be used as a basis for writing custom-challenge servlets, an AbstractLoginServlet and the CustomLoginServlet, which extends the AbstractLoginServlet.

In web-based applications, it is often desirable to maintain login information across multiple sites so each site doesn't have to require the user retype the information. You can use the WebSphere single sign-on framework to allow the authentication information to be passed along automatically. WebSphere provides a helper class called SSOAuthenticator that simplifies the handling of single sign-on.

Go to previous article: Accessing secured resources from Java clients Go to next article: AbstractLoginServlet

 

 
Go to previous article: Accessing secured resources from Java clients Go to next article: AbstractLoginServlet