InfoCenter Home >
5: Securing applications -- special topics >
5.4: Overview: Using programmatic and form logins

5.4: Overview: Using programmatic and form logins

This section describes the use of login specifications (including the use of Single Sign-On) in WebSphere Application Server.

When Java enterprise-bean client applications require the user to provide identifying information, the writer of the application must collect that information and authenticate the user. The work of the programmer can be broadly classified in terms of where the actual user authentication is performed:

  1. In a client program
  2. In a server program

Users of Web applications can be prompted for authentication data in many ways. The login-config element in the Web application's deployment descriptor defines the mechanism used to collect this information. Programmers who want to customize login procedures, rather than relying on general-purpose devices like a 401 dialog window in a browser, can use a form based login to provide an application-specific HTML form for collecting login information.

No authentication occurs unless WebSphere global security is enabled. Additionally, if you want to use form-based login for Web applications, you must specify "FORM" in the auth-method tag in the login-config element in the deployment descriptor of each Web application.

Go to previous article: Changes to security Go to next article: Client-side login

 

 
Go to previous article: Changes to security Go to next article: Client-side login