com.ibm.websphere.security
Class SSOAuthenticator
java.lang.Object
|
+--com.ibm.websphere.security.SSOAuthenticator
public class SSOAuthenticator
extends java.lang.Object
SSOAuthenticator is a helper class that helps users exploit WebSphere's
Single Sign-On (SSO) feature. Servlet developers can use this class to write
servlets that perform custom login. For example, a login.html page might contain a set of
text fields (e.g., userid, password) and a submit button. The action associated with the submit
button can invoke a servlet, e.g., CustomLoginServlet.
The servlet can pull the userid and password information out of the form and use
the SSOAuthenticator to log in the user by calling the
login(userid, password, req, res) method, passing in the userid, the password,
and the HttpServletRequest and HttpServletResponse objects. The method will perform
authentication and set up a single sign-on cookie. This requires that security is enabled,
that LTPA is the selected authentication mechanism, and that the Single Sign-On feature is also enabled.
If any of these prerequisites is not met, constructing the SSOAuthenticator will throw
an IllegalStateException.
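The custom login flow described above, as an added example (not IBM's code). The form field names userid and password follow the login.html description; the servlet body, the error responses and the /welcome.jsp landing page are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.omg.SecurityLevel2.LoginFailed;
import com.ibm.websphere.security.SSOAuthenticator;

public class CustomLoginServlet extends HttpServlet {
    // Only POST is handled, so credentials are never carried in a URL.
    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        String userid = req.getParameter("userid");
        String password = req.getParameter("password");
        if (userid == null || userid.length() == 0
                || password == null || password.length() == 0) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        SSOAuthenticator authenticator;
        try {
            // Fails unless security, LTPA and Single Sign-On are all enabled.
            authenticator = new SSOAuthenticator();
        } catch (IllegalStateException e) {
            log("SSO login unavailable: check security/LTPA/SSO settings", e);
            res.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }

        try {
            // The four-argument login always authenticates; on success it
            // sets the SSO cookie on the response.
            authenticator.login(userid, password, req, res);
        } catch (LoginFailed e) {
            // Same response for unknown user and wrong password; the
            // password is never logged.
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failed");
            return;
        }

        // Fixed landing page (hypothetical path) rather than a
        // caller-supplied URL, so the redirect target cannot be influenced.
        res.sendRedirect(req.getContextPath() + "/welcome.jsp");
    }
}
```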
Constructor Summary

SSOAuthenticator()
    Constructing SSOAuthenticator will initialize its state based on the underlying
    WebSphere configuration.

Method Summary

java.lang.String getLTPACookieValue(org.omg.SecurityLevel2.Credentials credentials)

java.lang.String getRefererURL(javax.servlet.http.HttpServletRequest req,
    javax.servlet.http.HttpServletResponse res)

java.lang.String getSSOCookieName()
    This method returns the SSO cookie name.

java.lang.String getSSOCookieValue(java.lang.String userid,
    java.lang.String password)
    This method can be used to obtain a string token which can be used to maintain
    state management between clients.

org.omg.SecurityLevel2.Credentials login(java.lang.String userid,
    java.lang.String password,
    javax.servlet.http.HttpServletRequest req,
    javax.servlet.http.HttpServletResponse res)
    This login method will authenticate the user based on the userid and password values.

org.omg.SecurityLevel2.Credentials login(java.lang.String userid,
    java.lang.String password,
    javax.servlet.http.HttpServletRequest req,
    javax.servlet.http.HttpServletResponse res,
    boolean force_auth)
    This login method will authenticate the user based on the userid and password values if
    the value of the force_auth parameter is set to true.

void logout(javax.servlet.http.HttpServletRequest req,
    javax.servlet.http.HttpServletResponse res)
    The logout method will log the user out by deleting the SSO cookie.

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

SSOAuthenticator
public SSOAuthenticator()
throws java.lang.IllegalStateException
Constructing SSOAuthenticator will initialize its state based on the underlying
WebSphere configuration. For a successful construction:
- WebSphere's security should be enabled,
- the LTPA authentication mechanism should be the selected authentication mechanism,
- Single Sign-On should be enabled.
If any of the above conditions is not met, the constructor will throw an IllegalStateException.
Throws:
java.lang.IllegalStateException
login
public org.omg.SecurityLevel2.Credentials login(java.lang.String userid,
java.lang.String password,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res)
throws org.omg.SecurityLevel2.LoginFailed
This login method will authenticate the user based on the userid and password values.
If authentication is successful, it will create an SSO cookie based on the SSO configuration
and will set the cookie on the response header. If authentication fails, it will
throw an org.omg.SecurityLevel2.LoginFailed exception. This method returns the credentials
based on successful login.
Parameters:
userid - userid of the user
password - password of the user
req - HttpServletRequest object passed into the servlet's doPost method call
res - HttpServletResponse object passed into the servlet's doPost method call
Returns:
CORBA credentials of the user based on successful login
Throws:
LoginFailed - if authentication fails
login
public org.omg.SecurityLevel2.Credentials login(java.lang.String userid,
java.lang.String password,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res,
boolean force_auth)
throws org.omg.SecurityLevel2.LoginFailed
This login method will authenticate the user based on the userid and password values if
the value of the force_auth parameter is set to true. If authentication is successful,
it will create an SSO cookie based on the SSO configuration.
If the value of force_auth is set to false, then authentication will not be performed. The
userid and password will be used to create an SSO cookie. This cookie will be set on the
response header. Because no credential check takes place in that case, pass false only
when the caller has already been authenticated by other means.
In either case, if authentication is required and it fails, the method will
throw an org.omg.SecurityLevel2.LoginFailed exception.
Parameters:
userid - userid of the user
password - password of the user
req - HttpServletRequest object passed into the servlet's doPost method call
res - HttpServletResponse object passed into the servlet's doPost method call
force_auth - If authentication is required, this value should be true. If it is set
to false, this method will not perform authentication.
Returns:
CORBA credentials of the user based on successful login
Throws:
LoginFailed - if authentication is required and fails
logout
public void logout(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res)
The logout method will log the user out by deleting the SSO cookie. Any subsequent
request by the user will be performed only after being authenticated to the system.
Parameters:
req - HttpServletRequest object passed into the servlet's doPost method call
res - HttpServletResponse object passed into the servlet's doPost method call
getRefererURL
public java.lang.String getRefererURL(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res)
getSSOCookieName
public java.lang.String getSSOCookieName()
This method returns the SSO cookie name.
Returns:
SSO cookie name
getSSOCookieValue
public java.lang.String getSSOCookieValue(java.lang.String userid,
java.lang.String password)
This method can be used to obtain a string token which can be used to maintain
state management between clients. This state is maintained by default using the
HTTP cookie mechanism. If users want to implement their own state management (e.g.,
pass it as parameters to applets), they can use this SSO cookie value.
Parameters:
userid - userid
password - user's password
getLTPACookieValue
public java.lang.String getLTPACookieValue(org.omg.SecurityLevel2.Credentials credentials)