InfoCenter Home >
5: Securing applications -- special topics >
5.4: Overview: Using programmatic and custom logins

5.4: Overview: Using programmatic and custom logins

This section describes the use of programmatic login techniques and custom challenge capabilities in WebSphere Application Server.

When applications require user to provide identifying information, the writer of the application must collect that information and authenticate the user. The work of the programmer can be broadly classified in terms of where the actual user authentication is performed:

  1. In a client program
  2. In a server program

Users can be prompted for authentication data in many ways. The challenge type configured for the application defines the mechanism used to collect this information. Programmers who want to customize login procedures, rather than relying on general-purpose devices like a 401 dialog window in a browser, can use a custom challenge to provide an application-specific HTML form for collecting login information.

When Java enterprise-bean client applications require the user to provide identifying information, the writer of the application must collect that information and authenticate the user. The work of the programmer can be broadly classified in terms of where the actual user authentication is performed:

  1. In a client program
  2. In a server program

Users of Web applications can be prompted for authentication data in many ways. The login-config element in the Web application's deployment descriptor defines the mechanism used to collect this information. Programmers who want to customize login procedures, rather than relying on general-purpose devices like a 401 dialog window in a browser, can use a form based login to provide an application-specific HTML form for collecting login information.

No authentication work will occur unless WebSphere security is enabled. Additionally, if you want to use the custom challenge type, you must configure security as follows (click an item to link to detailed property help for the item):

Go to previous article: Changes to security Go to next article: Client-side login

 

 
Go to previous article: Changes to security Go to next article: Client-side login