com.ibm.websphere.security
Class SSOAuthenticator

java.lang.Object
  |
  +--com.ibm.websphere.security.SSOAuthenticator

public class SSOAuthenticator
extends java.lang.Object

SSOAuthenticator is a helper class for using WebSphere's Single Sign-On (SSO) feature from application code. Servlet developers can use it to implement a custom login. For example, a login.html page might contain a set of text fields (userid, password) and a submit button whose action invokes a servlet, say CustomLoginServlet. The servlet pulls the userid and password out of the form and passes them, together with the HttpServletRequest and HttpServletResponse objects, to the login(userid, password, req, res) method. That method authenticates the user and, on success, sets up a single sign-on cookie on the response. This requires that security is enabled, that LTPA is the selected authentication mechanism and that the Single Sign-On feature is enabled; without any of these prerequisites, constructing the SSOAuthenticator throws an IllegalStateException. Because the form submits a cleartext password and the response carries the sign-on cookie, both the login page and the servlet it posts to should be served over HTTPS only.
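The custom login servlet sketched above, written out as an added example. This code is not from the WebSphere documentation or product; the form field names, the page paths, the use of getRefererURL for the post-login redirect (that method is undocumented on this page and is assumed to return the URL the user came from) and the same-host check on it are assumptions of the example.

```java
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.LoginFailed;

import com.ibm.websphere.security.SSOAuthenticator;

/**
 * Custom login servlet: login.html posts the fields "userid" and "password"
 * here. Field names and page paths are assumptions for this example.
 */
public class CustomLoginServlet extends HttpServlet {

    private static final String LOGIN_PAGE = "/login.html";      // assumed
    private static final String DEFAULT_TARGET = "/welcome.jsp"; // assumed

    // Credentials must arrive in a POST body; a GET would put the password
    // into the URL, the browser history and the access log.
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        String userid = req.getParameter("userid");
        String password = req.getParameter("password");
        if (userid == null || userid.length() == 0 || password == null) {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE + "?error=missing");
            return;
        }

        SSOAuthenticator sso;
        try {
            // IllegalStateException means security is off, LTPA is not the
            // authentication mechanism, or SSO is disabled: a deployment
            // problem, so report a server error rather than a bad login.
            sso = new SSOAuthenticator();
        } catch (IllegalStateException e) {
            log("SSOAuthenticator unavailable: " + e.getMessage());
            res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                          "Single sign-on is not configured");
            return;
        }

        try {
            // Authenticates against the user registry and, on success, adds
            // the SSO cookie to the response header. The returned credentials
            // are available to the application; the cookie is already set.
            Credentials creds = sso.login(userid, password, req, res);
        } catch (LoginFailed e) {
            // One generic failure message: do not reveal whether the userid
            // exists or which part of the check failed.
            log("login failed, client " + req.getRemoteAddr());
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE + "?error=auth");
            return;
        }

        // The SSO cookie and the HttpSession are separate. Replace any session
        // that existed before login so that a session id planted by an
        // attacker (session fixation) does not survive authentication.
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        req.getSession(true);

        res.sendRedirect(chooseTarget(sso, req, res));
    }

    /**
     * Picks the post-login page. Only redirect to the referer when it points
     * back at this host over the same scheme; otherwise a crafted referer
     * turns the login servlet into an open redirector.
     */
    private String chooseTarget(SSOAuthenticator sso,
                                HttpServletRequest req, HttpServletResponse res) {
        String fallback = req.getContextPath() + DEFAULT_TARGET;
        String referer = sso.getRefererURL(req, res); // assumed: originating URL
        if (referer == null) {
            return fallback;
        }
        try {
            URL target = new URL(referer);
            if (target.getHost().equalsIgnoreCase(req.getServerName())
                    && target.getProtocol().equalsIgnoreCase(req.getScheme())) {
                return referer;
            }
        } catch (MalformedURLException e) {
            // not an absolute URL that can be vetted; use the fallback
        }
        return fallback;
    }
}
```

Map the servlet in web.xml and point the form's action at it; the servlet itself must not be a container-protected resource, or the container would demand authentication before the user can log in.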


Constructor Summary
SSOAuthenticator()
          Constructing SSOAuthenticator will initialize its state based on the underlying WebSphere configuration.
 
Method Summary
 java.lang.String getLTPACookieValue(org.omg.SecurityLevel2.Credentials credentials)
           
 java.lang.String getRefererURL(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
           
 java.lang.String getSSOCookieName()
          This method returns the SSO cookie name.
 java.lang.String getSSOCookieValue(java.lang.String userid, java.lang.String password)
          Returns the SSO token as a string, for applications that maintain sign-on state by some means other than the HTTP cookie.
 org.omg.SecurityLevel2.Credentials login(java.lang.String userid, java.lang.String password, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Authenticates the user with the given userid and password and, on success, sets the SSO cookie on the response.
 org.omg.SecurityLevel2.Credentials login(java.lang.String userid, java.lang.String password, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, boolean force_auth)
          Authenticates the user only if force_auth is true; with false, the SSO cookie is created from the userid and password without authentication.
 void logout(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Logs the user out by deleting the SSO cookie.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SSOAuthenticator

public SSOAuthenticator()
                 throws java.lang.IllegalStateException
Constructing SSOAuthenticator will initialize its state based on the underlying WebSphere configuration. Construction succeeds only if WebSphere security is enabled, LTPA is the selected authentication mechanism, and Single Sign-On is enabled. If any of these conditions is not met, the constructor throws an IllegalStateException.
Throws:
java.lang.IllegalStateException - if security is disabled, LTPA is not the selected authentication mechanism, or Single Sign-On is not enabled
Method Detail

login

public org.omg.SecurityLevel2.Credentials login(java.lang.String userid,
                                                java.lang.String password,
                                                javax.servlet.http.HttpServletRequest req,
                                                javax.servlet.http.HttpServletResponse res)
                                         throws org.omg.SecurityLevel2.LoginFailed
Authenticates the user with the given userid and password. If authentication succeeds, it creates an SSO cookie based on the SSO configuration, sets the cookie on the response header and returns the user's credentials. If authentication fails, it throws org.omg.SecurityLevel2.LoginFailed. The cookie is a bearer credential for the whole SSO domain, so the response that carries it should be sent over HTTPS.
Parameters:
userid - userid of the user
password - password of the user
req - HttpServletRequest object passed into the servlet's doPost method
res - HttpServletResponse object passed into the servlet's doPost method
Returns:
CORBA credentials of the user based on successful login
Throws:
org.omg.SecurityLevel2.LoginFailed - if authentication fails

login

public org.omg.SecurityLevel2.Credentials login(java.lang.String userid,
                                                java.lang.String password,
                                                javax.servlet.http.HttpServletRequest req,
                                                javax.servlet.http.HttpServletResponse res,
                                                boolean force_auth)
                                         throws org.omg.SecurityLevel2.LoginFailed
Authenticates the user with the given userid and password when force_auth is true; in that case it behaves like login(userid, password, req, res). If authentication succeeds, it creates an SSO cookie based on the SSO configuration and sets it on the response header. When force_auth is false, no authentication is performed: the userid and password are used as given to create the SSO cookie, which is then set on the response header. Whenever authentication is performed and fails, the method throws org.omg.SecurityLevel2.LoginFailed.
Passing false therefore issues a sign-on for whatever userid the caller supplies, without the password being checked. Never pass false for a userid taken from the request or from any other untrusted input; use it only when the user's identity has already been established by other trusted means.
Parameters:
userid - userid of the user
password - password of the user
req - HttpServletRequest object passed into the servlet's doPost method
res - HttpServletResponse object passed into the servlet's doPost method
force_auth - true to authenticate the user before creating the cookie; false to skip authentication and create the cookie from the supplied userid and password as given
Returns:
CORBA credentials of the user based on successful login
Throws:
org.omg.SecurityLevel2.LoginFailed - if authentication was performed and failed
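An added example, not from the page or the product, contrasting the two values of force_auth. The first method is the mistake the flag invites and is shown only for contrast; the form field names and the page path are assumptions of the example.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.omg.SecurityLevel2.LoginFailed;

import com.ibm.websphere.security.SSOAuthenticator;

/** Field names and page paths are assumptions for this example. */
public class ForceAuthServlet extends HttpServlet {

    private static final String LOGIN_PAGE = "/login.html"; // assumed

    /**
     * VULNERABLE (for contrast only, never deploy): force_auth=false skips
     * authentication, so the SSO cookie is minted for whatever userid the
     * request carries. Posting userid=admin with any password string yields
     * a sign-on as admin.
     */
    static void loginWithoutCheck(SSOAuthenticator sso, HttpServletRequest req,
                                  HttpServletResponse res) throws LoginFailed {
        sso.login(req.getParameter("userid"), req.getParameter("password"),
                  req, res, false);
    }

    /**
     * CORRECT: a userid that came from the request is always verified.
     * With force_auth=true this behaves like the four-argument login.
     */
    static void loginWithCheck(SSOAuthenticator sso, HttpServletRequest req,
                               HttpServletResponse res) throws LoginFailed {
        sso.login(req.getParameter("userid"), req.getParameter("password"),
                  req, res, true);
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        try {
            loginWithCheck(new SSOAuthenticator(), req, res);
        } catch (LoginFailed e) {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE + "?error=auth");
            return;
        } catch (IllegalStateException e) {
            // security, LTPA or SSO not enabled: configuration error
            res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        res.sendRedirect(req.getContextPath() + "/welcome.jsp"); // assumed
    }
}
```

If the flag is ever set from a variable rather than a literal, make sure no code path can derive that variable from request data; the safest rule is to call the four-argument login and not expose the flag at all.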

logout

public void logout(javax.servlet.http.HttpServletRequest req,
                   javax.servlet.http.HttpServletResponse res)
Logs the user out by deleting the SSO cookie. Any subsequent request by the user is served only after the user has authenticated to the system again. Deleting the cookie removes it from the browser; it does not revoke the LTPA token the cookie carried, which remains valid until it expires, and it does not touch the servlet's HttpSession. Invalidate the HttpSession separately at logout.
Parameters:
req - HttpServletRequest object passed into the servlet's doPost method
res - HttpServletResponse object passed into the servlet's doPost method
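A logout servlet as an added example, not from the page or the product. It deletes the SSO cookie through logout(req, res), invalidates the HttpSession, which the SSO cookie does not cover, and accepts only POST so that a cross-site link or image cannot log the user out. The login page path is an assumption of the example.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.ibm.websphere.security.SSOAuthenticator;

/** The login page path is an assumption for this example. */
public class LogoutServlet extends HttpServlet {

    private static final String LOGIN_PAGE = "/login.html"; // assumed

    // A GET is triggerable by any third-party page (logout CSRF); only
    // a POST from the application's own logout form is accepted.
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        try {
            // Deletes the SSO cookie from the browser. The LTPA token it
            // carried is not revoked by this call.
            new SSOAuthenticator().logout(req, res);
        } catch (IllegalStateException e) {
            // SSO is not configured, so there is no SSO cookie to delete;
            // still clear the application session below.
            log("SSO not available during logout: " + e.getMessage());
        }

        // The HttpSession is independent of the SSO cookie; without this,
        // application state survives the logout.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Keep post-login pages out of browser and proxy caches.
        res.setHeader("Cache-Control", "no-store");
        res.setHeader("Pragma", "no-cache");
        res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
    }
}
```

Because the token stays valid until it expires, keep the LTPA timeout in the security configuration as short as the application can tolerate; that timeout, not this servlet, bounds how long a copied cookie remains usable.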

getRefererURL

public java.lang.String getRefererURL(javax.servlet.http.HttpServletRequest req,
                                      javax.servlet.http.HttpServletResponse res)

getSSOCookieName

public java.lang.String getSSOCookieName()
This method returns the SSO cookie name.
Returns:
SSO cookie name
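A servlet filter, added here as an example and not part of the page or the product, that uses getSSOCookieName() to send browsers carrying no SSO cookie to the custom login page. The login page path and the login servlet path are assumptions of the example.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.ibm.websphere.security.SSOAuthenticator;

/**
 * Redirects requests without an SSO cookie to the custom login page.
 * The page and servlet paths are assumptions for this example.
 */
public class RequireSsoCookieFilter implements Filter {

    private static final String LOGIN_PAGE = "/login.html";           // assumed
    private static final String LOGIN_SERVLET = "/CustomLoginServlet"; // assumed
    private String cookieName;

    public void init(FilterConfig config) throws ServletException {
        try {
            // The name comes from the SSO configuration; never hard-code it.
            cookieName = new SSOAuthenticator().getSSOCookieName();
        } catch (IllegalStateException e) {
            throw new ServletException("single sign-on is not configured", e);
        }
    }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // The login page and the servlet it posts to must stay reachable
        // without the cookie, or nobody could ever log in.
        String path = req.getServletPath();
        boolean loginFlow = LOGIN_PAGE.equals(path) || LOGIN_SERVLET.equals(path);

        if (!loginFlow && !hasSsoCookie(req)) {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }
        chain.doFilter(request, response);
    }

    /**
     * Presence only. A cookie with this name means the browser was issued a
     * token, not that the token is valid; the container validates it when a
     * protected resource is accessed. Never treat this check as authorization.
     */
    boolean hasSsoCookie(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();
        if (cookies == null) {
            return false;
        }
        for (int i = 0; i < cookies.length; i++) {
            Cookie c = cookies[i];
            if (cookieName.equals(c.getName())
                    && c.getValue() != null && c.getValue().length() > 0) {
                return true;
            }
        }
        return false;
    }

    public void destroy() {
    }
}
```

Map the filter in web.xml to the URL patterns that should show the custom login page; resources that must actually be protected still need a security constraint, because this filter only improves the first-visit experience.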

getSSOCookieValue

public java.lang.String getSSOCookieValue(java.lang.String userid,
                                          java.lang.String password)
Returns a string token that can be used to maintain the user's sign-on state between client and server. By default this state is maintained with the HTTP cookie mechanism. Applications that want to manage the state themselves (for example, by passing it as a parameter to an applet) can use this SSO cookie value directly. The value is a bearer credential: anyone who obtains it can act as that user, so it must travel only over HTTPS and must never appear in a URL, a log or a page that other parties can read.
Parameters:
userid - userid of the user
password - password of the user
Returns:
SSO cookie value

getLTPACookieValue

public java.lang.String getLTPACookieValue(org.omg.SecurityLevel2.Credentials credentials)