com.ibm.websphere.security
Class SSOAuthenticator

java.lang.Object
  |
  +--com.ibm.websphere.security.SSOAuthenticator


Deprecated.

 As of WAS 4.0, replaced by FormBasedLogin. Custom login implementations should be modified to use FormBasedLogin (in WAS 4.0), the servlet filter (Servlet 2.3 specification, in WAS 5.0), and the JAAS programming model (in WAS 5.0).

public class SSOAuthenticator
extends java.lang.Object

SSOAuthenticator is a helper class that helps users to use WebSphere's Single Sign-On (SSO) feature. Servlet developers can use this class to write servlets that perform custom login. For example, a login.html page might contain a set of text fields (e.g., userid, password) and a submit button. The action associated with the submit button can invoke a servlet, e.g., CustomLoginServlet. The servlet can pull the userid and password information out of the form and use the SSOAuthenticator to log the user in. It calls the login(userid, password, req, res) method, passing in the userid, the password, and the HttpServletRequest and HttpServletResponse objects. The method performs authentication and sets up a single sign-on cookie. This requires that security is enabled, that LTPA is the selected authentication mechanism, and that the Single Sign-On feature is also enabled. If any of these prerequisites is missing, constructing the SSOAuthenticator throws an IllegalStateException.


Constructor Summary

SSOAuthenticator()

Deprecated.

 As of WAS 4.0, replaced by JAAS programming model in WAS 5.0.
 

Method Summary

java.lang.String getLTPACookieValue(org.omg.SecurityLevel2.Credentials credentials)

Deprecated.

 Replaced by servlet filter.

java.lang.String getRefererURL(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)

Deprecated.

java.lang.String getSSOCookieName()

Deprecated.

 This method returns the SSO cookie name.

org.omg.SecurityLevel2.Credentials login(java.lang.String userid, java.lang.String password, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)

Deprecated.

 Replaced by JAAS programming model LoginContext login.

org.omg.SecurityLevel2.Credentials login(java.lang.String userid, java.lang.String password, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, boolean force_auth)

Deprecated.

 Replaced by JAAS programming model LoginContext login.

void logout(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)

Deprecated.

 Replaced by JAAS programming model LoginContext logout.
 

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

 

SSOAuthenticator

public SSOAuthenticator() throws java.lang.IllegalStateException

Deprecated.

 As of WAS 4.0, replaced by JAAS programming model in WAS 5.0.

Constructing SSOAuthenticator initializes its state based on the underlying WebSphere configuration. For construction to succeed, WebSphere's security must be enabled, LTPA must be the selected authentication mechanism, and Single Sign-On must be enabled. If any of these conditions is not met, the constructor throws an IllegalStateException.

Throws:

java.lang.IllegalStateException -  

Method Detail

login

public org.omg.SecurityLevel2.Credentials login(java.lang.String userid, java.lang.String password, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws org.omg.SecurityLevel2.LoginFailed

Deprecated.

 Replaced by JAAS programming model LoginContext login.

This login method authenticates the user based on the userid and password values. If authentication is successful, it creates an SSO cookie based on the SSO configuration and sets the cookie on the response header. If authentication fails, it throws an org.omg.SecurityLevel2.LoginFailed exception. On successful login, the method returns the user's credentials.

Parameters:

userid - userid of the user
password - password of the user
req - HttpServletRequest object passed into the servlet's doPost method call
res - HttpServletResponse object passed into the servlet's doPost method call
return - CORBA credentials of the user based on successful login
Throws:
LoginFailed - exception


login

public org.omg.SecurityLevel2.Credentials login(java.lang.String userid, java.lang.String password, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, boolean force_auth) throws org.omg.SecurityLevel2.LoginFailed

Deprecated.

 Replaced by JAAS programming model LoginContext login.

This login method authenticates the user based on the userid and password values if the force_auth parameter is set to true. If authentication is successful, it creates an SSO cookie based on the SSO configuration. If force_auth is set to false, authentication is not performed; the userid and password are used to create an SSO cookie. This cookie is set on the response header. In either case, if authentication is required and it fails, the method throws an org.omg.SecurityLevel2.LoginFailed exception.

Parameters:

userid - userid of the user
password - password of the user
req - HttpServletRequest object passed into the servlet's doPost method call
res - HttpServletResponse object passed into the servlet's doPost method call
force_auth - If authentication is required, this value should be true. If it is set to false, this method will not perform authentication.
return - CORBA credentials of the user based on successful login

Throws:

LoginFailed - exception


logout

public void logout(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)

Deprecated.

 Replaced by JAAS programming model LoginContext logout.

The logout method logs the user out by deleting the SSO cookie. Any subsequent request by the user will be performed only after the user has been authenticated to the system.

Parameters:

req - HttpServletRequest object passed into the servlet's doPost method call
res - HttpServletResponse object passed into the servlet's doPost method call


getRefererURL

public java.lang.String getRefererURL(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)

Deprecated.

 


 

getSSOCookieName

public java.lang.String getSSOCookieName()

Deprecated.

 
This method returns the SSO cookie name.

Returns:

SSO cookie name


 

getLTPACookieValue

public java.lang.String getLTPACookieValue(org.omg.SecurityLevel2.Credentials credentials)

Deprecated.

 Replaced by servlet filter.

This method can be used to obtain a string token which can be used to maintain state management between clients. By default, this state is maintained using the HTTP cookie mechanism. If users want to implement their own state management (e.g., pass the token as a parameter to applets), they can use this SSO cookie value.

Parameters:

userid - userid
password - user's password

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.