5.7.6.2.3: Server-side programmatic login

Server-side programmatic login authenticates the basic-authorization data or credential token and creates a credential authenticated against the local registry or LTPA registry. The basic-authorization credential can be sent from a client or created in the server. After authentication, the authenticated credential is maintained by the security session and is set onto the Current object each time a method request is executed. The credentials remain available on the Current object as long as the request is being executed on the server.

There are two ways to create the authenticated credential object:

  • Map the basic-authentication credential to the local or LTPA registry by calling the com.ibm.IExtendedSecurity.CredentialsOperations.get_mapped_credentials method. This method maps the information in the basic-authentication credential to the specified registry. If authentication fails, the get_mapped_credentials method returns an empty credential. (There is also a get_mapped_creds method; it throws an exception if authentication fails.)
  • Call the PrincipalAuthenticator.authenticate method, which takes the user ID and password as arguments.

The following code example illustrates a server that creates a basic-authentication credential using the LoginHelper class and then creates an authenticated credential by calling the get_mapped_credentials method.

...
// Get the security Current object.
...
if (current != null)
{
    // Get a handle to LoginHelper from the Current object.
    com.ibm.IExtendedSecurity._LoginHelper loginHelper = current.login_helper();

    // Construct a basic-authorization credential for
    // later authentication by the server.
    org.omg.SecurityLevel2.Credentials credentials =
        loginHelper.request_login(security_name,
                                  realm_name,
                                  password,
                                  new org.omg.SecurityLevel2.CredentialsHolder(),
                                  new org.omg.Security.OpaqueHolder());

    // Set the credentials for outbound requests.
    current.set_credentials(org.omg.Security.CredentialType.SecInvocationCredentials, credentials);
    ...

    // Map the basic-authentication credentials to the registry.
    org.omg.SecurityLevel2.Credentials mapcreds = null;
    mapcreds = ((com.ibm.IExtendedSecurity.CredentialsOperations)credentials).get_mapped_credentials(null, "", null);

    // Check to see if authentication succeeded.
    // A null result means authentication failed.
    if (mapcreds == null)
        System.out.println("Login failed");
}

If you prefer to catch an exception when authentication fails, use the get_mapped_creds method and catch the org.omg.Security.LoginFailed exception.

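try
{
    // Map the basic-authentication credentials to the registry.
    // Here, credentials is the basic-authentication credential
    // returned by request_login in the previous example.
    org.omg.SecurityLevel2.Credentials mapcreds = null;
    mapcreds = ((com.ibm.IExtendedSecurity.CredentialsOperations)credentials).get_mapped_creds(null, "", null);
}
catch (org.omg.Security.LoginFailed e)
{
    // get_mapped_creds reports a failed authentication by throwing LoginFailed.
    System.out.println("Login failed");
}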