Before you begin
If you are migrating from WebSphere Application Server for z/OS Version 4.0.1, the following information does not apply. The CustomLoginServlet class, which was not available in WebSphere Application Server for z/OS Version 4.0.1, is being deprecated. If you are migrating from an earlier version of WebSphere Application Server to WebSphere Application Server for z/OS Version 5, you might need to follow these steps.The CustomLoginServlet class is deprecated in Version 5. Those applications using the CustomLoginServlet class to perform authentication now need to use form-based login. Using the form-based login mechanism, you can control the look and feel of the login screen. In form-based login, a login page is specified that displays when retrieving the user ID and password information. You also can specify an error page that displays when authentication fails.
If login and error pages are not enough to implement the CustomLoginServlet class, use servlet filters. Servlet filters can dynamically intercept requests and responses to transform or use the information contained in the requests or responses. One or more servlet filters attach to a servlet or a group of servlets. Servlet filters also can attach to JSP files and HTML pages. All the attached servlet filters are called before invoking the servlet.
Both form-based login and servlet filters are supported by any Servlet 2.3 specification-compliant Web container. A form login servlet performs the authentication and servlet filters can perform additional authentication,auditing, or logging tasks.
To perform pre-login and post-login actions using servlet filters, configure these servlet filters for either form login page or for /j_security_check URL. The j_security_check is posted by the form login page with the j_username parameter, containing the user name and the j_password parameter containing the password. A servlet filter can use user name and password information to perform more authentication or meet other special needs.
Why and when to perform this task
Steps for this task
<filter id="Filter_1"> <filter-name>LoginFilter</filter-name> <filter-class>LoginFilter</filter-class> <description>Performs pre-login and post-login operation</description> <init-param> <param-name>ParamName</param-name> <param-value>ParamValue</param-value> <init-param> </filet> <filter-mapping> <filter-name>LoginFilter</filter-name> <url-pattern>/j_security_check</url-pattern> </filter-mapping>
Results
This migration results in an application that uses form-based login and servlet filters without the use of the CustomLoginServlet class.Example