Configuring servlet filters for form login processing

IBM® Rational® Application Developer or an assembly tool can configure the servlet filters. Two steps are involved in configuring a servlet filter.

Procedure

  1. Name the servlet filter and assign the corresponding implementation class to the servlet filter.

    Optionally, assign initialization parameters that get passed to the init method of the servlet filter.

    After configuring the servlet filter, the web.xml application deployment descriptor contains a servlet filter configuration similar to the following example:
    <filter id="Filter_1">
    			<filter-name>LoginFilter</filter-name>
    			<filter-class>LoginFilter</filter-class>
    			<description>Performs pre-login and post-login 
            operation</description>
    			<init-param>// optional
    					<param-name>ParameterName</param-name>
    					<param-value>ParameterValue</param-value>
    			</init-param>
    </filter>
  2. Map the servlet filter to a URL or a servlet.

    After mapping the servlet filter to a URL or a servlet, theweb.xml application deployment descriptor contains servlet mapping similar to the following example:

    <filter-mapping>
    			<filter-name>LoginFilter</filter-name>
    			<url-pattern>/j_security_check</url-pattern> 
                   // can be servlet <servlet>servletName</servlet>
    </filter-mapping>
    

Example

You can use servlet filters to replace the CustomLoginServlet servlet, and to perform additional authentication, auditing, and logging.

The WebSphere® Application Server Samples Gallery provides a form login sample that demonstrates how to use the WebSphere Application Server login facilities to implement and configure form login procedures. The sample integrates the following technologies to demonstrate the WebSphere Application Server and Java Platform, Enterprise Edition (Java EE) login functionality:
  • Java EE form-based login
  • Java EE servlet filter with login
  • IBM extension: form-based login
The form login sample is part of the Technology Samples package. For more information on how to access the form login sample, see Accessing the Samples (Samples Gallery).
Avoid trouble Avoid trouble: If you install the application server on a z/OS system in which program control is enabled, when you log into a form-based web application you might receive the following error message in the system log file:
ICH420I PROGRAM BBORSMCT FROM LIBRARY WAS.SBBOLD2 CAUSED THE ENVIRONMENT TO BECOME UNCONTROLLED.
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON)
PROCESSING.
Although program control is enabled on the z/OS system, the program control extended control bits for the application server's native modules will not be enabled. To prevent or resolve this problem enable the program control bits for all of the native load modules in the SMP/E HTTP Server file system (HFS).
  1. Add the necessary attributes to the modules:
    cd SMPE_ROOT/usr/lpp/install_root/V7R0/lib/modules
    extattr +p *
    
  2. Add the attributes to the *.so files and bbo* files in the lib directory:
    cd SMPE_ROOT/usr/lpp/install_root/V7R0/lib
    extattr +p *.so
    extattr +p bbo*
gotcha



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Jun 11, 2013 8:40:09 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=tsec_configservlet
File name: tsec_configservlet.html