com.ibm.websphere.security
Class SSOAuthenticator

java.lang.Object
  |
  +--com.ibm.websphere.security.SSOAuthenticator

Deprecated. As of WAS 4.0, replaced by FormBasedLogin. Custom login implementations should be modified to use FormBasedLogin (in WAS 4.0), the servlet filter (Servlet 2.3 specification, in WAS 5.0), and the JAAS programming model (in WAS 5.0).

public class SSOAuthenticator
extends java.lang.Object

SSOAuthenticator is a helper class that helps users make use of WebSphere's Single Sign-On (SSO) feature. Servlet developers can use this class to write servlets that perform custom login. For example, a login.html page might contain a set of text fields (e.g., userid, password) and a submit button. The action associated with the submit button can invoke a servlet, e.g., CustomLoginServlet. The servlet can pull the userid and password out of the form and use SSOAuthenticator to log the user in by calling the login(userid, password, req, res) method, passing in the userid, the password, and the HttpServletRequest and HttpServletResponse objects. The method performs authentication and sets up a single sign-on cookie. This requires that security is enabled, that LTPA is the selected authentication mechanism, and that the Single Sign-On feature is enabled. If any of these prerequisites is not met, constructing the SSOAuthenticator throws an IllegalStateException.
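
The custom login flow described above, as an added example (not IBM's code): a CustomLoginServlet that reads the form fields, constructs SSOAuthenticator, and calls the four-argument login. The parameter names follow the page's userid/password example; the /home.jsp redirect target and the error handling choices are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.websphere.security.SSOAuthenticator;
import org.omg.SecurityLevel2.LoginFailed;

// Added example: the servlet that login.html's form posts to.
public class CustomLoginServlet extends HttpServlet {
    // HOME_PAGE is hypothetical; neither path is defined by the SSOAuthenticator API.
    private static final String LOGIN_PAGE = "/login.html";
    private static final String HOME_PAGE = "/home.jsp";

    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        String userid = req.getParameter("userid");
        String password = req.getParameter("password");

        // Reject empty submissions before touching the authenticator.
        if (userid == null || userid.trim().length() == 0
                || password == null || password.length() == 0) {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }

        SSOAuthenticator authenticator;
        try {
            // Throws unless security, LTPA and Single Sign-On are all enabled.
            authenticator = new SSOAuthenticator();
        } catch (IllegalStateException e) {
            // Configuration problem, not a bad password: fail closed and log it.
            log("SSOAuthenticator unavailable; check security/LTPA/SSO settings", e);
            res.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }

        try {
            // Four-argument overload: verifies the password, then sets the SSO cookie on res.
            authenticator.login(userid, password, req, res);
        } catch (LoginFailed e) {
            // Same response for unknown user and wrong password; never log the password.
            log("Login failed for a submitted userid");
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }
        res.sendRedirect(req.getContextPath() + HOME_PAGE);
    }
}
```

Both redirect targets are fixed constants, so the post-login destination never depends on request data.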


Constructor Summary
SSOAuthenticator()
          Deprecated. As of WAS 4.0, replaced by JAAS programming model in WAS 5.0.
 
Method Summary
 java.lang.String getLTPACookieValue(org.omg.SecurityLevel2.Credentials credentials)
          Deprecated. Replaced by servlet filter.
 java.lang.String getRefererURL(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Deprecated.  
 java.lang.String getSSOCookieName()
          Deprecated. This method returns the SSO cookie name.
 org.omg.SecurityLevel2.Credentials login(java.lang.String userid, java.lang.String password, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Deprecated. Replaced by JAAS programming model LoginContext login.
 org.omg.SecurityLevel2.Credentials login(java.lang.String userid, java.lang.String password, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, boolean force_auth)
          Deprecated. Replaced by JAAS programming model LoginContext login.
 void logout(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Deprecated. Replaced by JAAS programming model LoginContext logout.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SSOAuthenticator

public SSOAuthenticator()
                 throws java.lang.IllegalStateException
Deprecated. As of WAS 4.0, replaced by JAAS programming model in WAS 5.0.

Constructing SSOAuthenticator initializes its state based on the underlying WebSphere configuration. For construction to succeed, WebSphere security must be enabled, LTPA must be the selected authentication mechanism, and Single Sign-On must be enabled. If any of these conditions is not met, the constructor throws an IllegalStateException.

Throws:
java.lang.IllegalStateException
Method Detail

login

public org.omg.SecurityLevel2.Credentials login(java.lang.String userid,
                                                java.lang.String password,
                                                javax.servlet.http.HttpServletRequest req,
                                                javax.servlet.http.HttpServletResponse res)
                                         throws org.omg.SecurityLevel2.LoginFailed
Deprecated. Replaced by JAAS programming model LoginContext login.

This login method authenticates the user based on the userid and password values. If authentication is successful, it creates an SSO cookie based on the SSO configuration and sets the cookie on the response header. If authentication fails, it throws an org.omg.SecurityLevel2.LoginFailed exception. On successful login, the method returns the credentials.

Parameters:
userid - userid of the user
password - password of the user
req - HttpServletRequest object passed into the servlet's doPost method call
res - HttpServletResponse object passed into the servlet's doPost method call
Throws:
LoginFailed - exception

login

public org.omg.SecurityLevel2.Credentials login(java.lang.String userid,
                                                java.lang.String password,
                                                javax.servlet.http.HttpServletRequest req,
                                                javax.servlet.http.HttpServletResponse res,
                                                boolean force_auth)
                                         throws org.omg.SecurityLevel2.LoginFailed
Deprecated. Replaced by JAAS programming model LoginContext login.

This login method authenticates the user based on the userid and password values if the force_auth parameter is set to true. If authentication is successful, it creates an SSO cookie based on the SSO configuration. If force_auth is set to false, authentication is not performed, and the userid and password are used to create an SSO cookie. This cookie is set on the response header. In either case, if authentication is required and it fails, the method throws an org.omg.SecurityLevel2.LoginFailed exception.

Parameters:
userid - userid of the user
password - password of the user
req - HttpServletRequest object passed into the servlet's doPost method call
res - HttpServletResponse object passed into the servlet's doPost method call
force_auth - If authentication is required, this value should be true. If it is set to false, this method will not perform authentication.
Throws:
LoginFailed - exception

logout

public void logout(javax.servlet.http.HttpServletRequest req,
                   javax.servlet.http.HttpServletResponse res)
Deprecated. Replaced by JAAS programming model LoginContext logout.

The logout method logs the user out by deleting the SSO cookie. Any subsequent request by the user is served only after the user has authenticated to the system.

Parameters:
req - HttpServletRequest object passed into the servlet's doPost method call
res - HttpServletResponse object passed into the servlet's doPost method call

getRefererURL

public java.lang.String getRefererURL(javax.servlet.http.HttpServletRequest req,
                                      javax.servlet.http.HttpServletResponse res)
Deprecated. 

getSSOCookieName

public java.lang.String getSSOCookieName()
Deprecated. 
This method returns the SSO cookie name.

Returns:
SSO cookie name

getLTPACookieValue

public java.lang.String getLTPACookieValue(org.omg.SecurityLevel2.Credentials credentials)
Deprecated. Replaced by servlet filter.

This method can be used to obtain a string token that can be used to maintain state between clients. By default, this state is maintained using the HTTP cookie mechanism. Users who want to implement their own state management (e.g., by passing the token as a parameter to applets) can use this SSO cookie value.



 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.