InfoCenter Home >
5: Securing applications -- special topics >
5.4: Overview: Using programmatic and custom logins >
5.4.1: Client-side login

5.4.1: Client-side login

Use a client-side login when a pure Java client needs to log users into the security domain but does not need to use the authentication data itself.

Client-side login works in the following manner:

  1. The user makes a request to the client application.
  2. The client presents the user with a login form for collecting authentication data. The user inserts his or her user ID and password into the form and submits it.
  3. The client programmatically places the user's authentication data into an ORB-related data structure called the security context.
  4. The client program invokes a method on a server.
  5. The server processes the request, extracting the authentication data from the context and performing authentication.
  6. If the authentication was successful, the server grants the request and returns the security credentials for further use. If the authentication fails, the server denies service.

The client programmer is responsible for writing the code to extract the authentication data and insert it into the CORBA data structures. WebSphere provides a utility class, the LoginHelper class, that can be used to simplify the CORBA programming needed to do this kind of programmatic login. The TestClient application illustrates the use of the LoginHelper class.

In order to use the LoginHelper class, the client needs to know the security properties of the ORB, so you must load a properties file containing those values when you start the client program. The file sas.client.props file installed with WebSphere contains valid values. Specify the properties file on the command line as follows:

-Dcom.ibm.CORBA.ConfigURL=URL of properties file

For example, to load the sas.client.props file and run the TestClient program, issue the following command:

java -Dcom.ibm.CORBA.client.ConfigURL=file://<install_root>
/properties/sas.client.props TestClient

Because the JDK which requires a call to System.exit() any time the AWT is activated, the client programmer needs to call System.exit() at the end to exit the program.

Go to previous article: Overview: Using programmatic and custom logins Go to next article: The TestClient

 

 
Go to previous article: Overview: Using programmatic and custom logins Go to next article: The TestClient