InfoCenter Home >
5: Securing applications -- special topics >
5.4: Overview: Using programmatic and custom logins >
5.4.2: Server-side login >
5.4.2.2: The ServerSideAuthenticator class

5.4.2.2: The ServerSideAuthenticator class

The ServerSideAuthenticator class is a WebSphere-provided utility class that provides wrappers around CORBA security methods. It extends the LoginHelper class for use by servers.

The following list summarizes the public methods in the ServerSideAuthenticator class. The source file is installed at:

<installation_root>/hosts/default_host/examples/security/ServerSideAuthenticator.java
and the class file is installed at:
<installation_root>/servlets/ServerSideAuthenticator.class

ServerSideAuthenticator()
The constructor obtains a new security-context object from the underlying ORB. This object is used to carry authentication information and resulting credentials.

Syntax:
ServerSideAuthenticator() throws IllegalStateException
login()
This method takes the user's authentication data (identifier and password), authenticates the the user (if the force_authn argument is set to TRUE), and returns the resulting Credentials object.

Syntax:
org.omg.SecurityLevel2.Credentials login(String userID, String password,
boolean force_authn)
throws org.omg.SecurityLevel2.LoginFailed,
com.ibm.IExtendedSecurity.RealmNotRegistered,
com.ibm.IExtendedSecurity.UnknownMapping,
com.ibm.IExtendedSecurity.MechanismTypeNotRegistered,
com.ibm.IExtendedSecurity.InvalidAdditionalCriteria
authenticate()
This method does the actual authentication work.

Syntax:
org.omg.SecurityLevel2.Credentials authenticate(String userID, String password)
throws org.omg.SecurityLevel2.LoginFailed,
org.omg.SecurityLevel2.InvalidCredential,
org.omg.Security.InvalidCredentialType,
com.ibm.IExtendedSecurity.RealmNotRegistered,
com.ibm.IExtendedSecurity.UnknownMapping,
com.ibm.IExtendedSecurity.MechanismTypeNotRegistered,
com.ibm.IExtendedSecurity.InvalidAdditionalCriteria
Go to previous article: The TestServer Go to next article: Accessing secured resources from Java clients

 

 
Go to previous article: The TestServer Go to next article: Accessing secured resources from Java clients