com.ibm.portal.portlet.service.login
Interface LoginService

All Superinterfaces:

PortletService

public interface LoginService
extends PortletService

This portlet service can be used to perform a login with user and password. It can be retrieved with the LoginHome interface.

Since:

6.0.1

Field Summary

static java.lang.String	DO_DELETE_REMEMBER_ME_COOKIE This constant must be used as key to store a Boolean object in the portal login context map passed in to the login(String, char[], Map, Subject) method of the service to pass in the information whether an existing remember me cookie of the current user should be removed or not.
static java.lang.String	DO_RESUME_SESSION_KEY This constant must be used as key to store a Boolean object in the portal login context map passed in to the login(String, char[], Map, Subject) method of the service to pass in the information whether the session should be resumed or not.
static java.lang.String	DO_SET_REMEMBER_ME_COOKIE This constant must be used as key to store a Boolean object in the portal login context map passed in to the login(String, char[], Map, Subject) method of the service to pass in the information whether a cookie to remember the current user should be set or not.

Method Summary

boolean	checkPassword(java.lang.String userID, char[] password) This method checks whether the supplied username and password is valid against the current WAS user registry.
boolean	isFormAuthenticated(javax.portlet.PortletRequest portletRequest, javax.portlet.PortletResponse portletResponse) This method indicates whether the current portal user has been authenticated using the default login mechanism of portal .
void	login(java.lang.String userID, char[] password, java.util.Map portalLoginContext, javax.security.auth.Subject subject) This method triggers a Portal login.

Field Detail

DO_RESUME_SESSION_KEY

static final java.lang.String DO_RESUME_SESSION_KEY

This constant must be used as key to store a Boolean object in the portal login context map passed in to the login(String, char[], Map, Subject) method of the service to pass in the information whether the session should be resumed or not. If the boolean value of the object is "true", the default portal login logic tries to resume the last session of the user after a successful login. If this property is not set or set to an invalid value, it is by default considered as "false".

See Also:

Constant Field Values

DO_SET_REMEMBER_ME_COOKIE

static final java.lang.String DO_SET_REMEMBER_ME_COOKIE

This constant must be used as key to store a Boolean object in the portal login context map passed in to the login(String, char[], Map, Subject) method of the service to pass in the information whether a cookie to remember the current user should be set or not. If the boolean value of the object is "true", the default portal login logic sets the remember me cookie. If this property is not set or set to an invalid value, it is by default considered as "false".

Since:

6.1

See Also:

Constant Field Values

DO_DELETE_REMEMBER_ME_COOKIE

static final java.lang.String DO_DELETE_REMEMBER_ME_COOKIE

This constant must be used as key to store a Boolean object in the portal login context map passed in to the login(String, char[], Map, Subject) method of the service to pass in the information whether an existing remember me cookie of the current user should be removed or not. If the boolean value of the object is "true", the default portal login logic will remove the remember me cookie. If this property is not set or set to an invalid value, it is by default considered as "false".

Since:

6.1

See Also:

Constant Field Values

Method Detail

login

void login(java.lang.String userID,
           char[] password,
           java.util.Map portalLoginContext,
           javax.security.auth.Subject subject)
           throws javax.security.auth.login.LoginException,
                  com.ibm.websphere.security.WSSecurityException,
                  PasswordInvalidException,
                  UserIDInvalidException,
                  AuthenticationFailedException,
                  AuthenticationException,
                  SessionTimeOutException,
                  PortletLoginDisabledException,
                  UserAlreadyLoggedInException,
                  SystemLoginException,
                  LoginException

This method triggers a Portal login. If there is no exception thrown during execution, Portal will establish a valid security context for the user identified by the user id passed in and redirect to the specified login redirect URL.

Parameters:

userID - The user id of the user.

password - The password of the user represented as an array of characters.

portalLoginContext - Map that should contain a Boolean value for the DO_RESUME_SESSION_KEY.

subject - A security subject that can be passed along to the WAS login modules, can be null if not needed.

Throws:

javax.security.auth.login.LoginException - Thrown if WAS login failed.

com.ibm.websphere.security.WSSecurityException - Thrown if WAS login failed.

PasswordInvalidException - Thrown if the password is null or empty.

UserIDInvalidException - Thrown if the user id is null or empty.

AuthenticationFailedException - Thrown if the Authentication failed for some other reason.

AuthenticationException - Thrown if the Authentication failed for some other reason.

SessionTimeOutException - For future use: Thrown if the user did not log out the last time he accessed Portal. Currently, this exception is never thrown in this service, as the underlying implementation enforces a logout including a redirect to the error screen or the specified logout redirect URL.

PortletLoginDisabledException - Thrown if the authentication.screen.login property has been set to "true" in the properties of the Portal Authentication Service.

UserAlreadyLoggedInException - Thrown if the user is already logged in.

SystemLoginException - Thrown when an inrecoverable problem occurred within Portal during Login.

LoginException - Thrown if the Login failed for some other reason. Superclass for all Portal Login exceptions.

isFormAuthenticated

boolean isFormAuthenticated(javax.portlet.PortletRequest portletRequest,
                            javax.portlet.PortletResponse portletResponse)
                            throws SecurityException

This method indicates whether the current portal user has been authenticated using the default login mechanism of portal . It returns

• true if the user has been authenticated using the login form,
• false if the user has been authenticated using another authentication mechanism, e.g. remember me cookie authentication.

Parameters:

portletRequest - The current portlet request.

portletResponse - The current portlet response.

Returns:

A boolean revealing the user's authentication status concerning form-based authentication.

Throws:

SecurityException - If the verification of the default authentication level fails because of an exceptional state.

checkPassword

boolean checkPassword(java.lang.String userID,
                      char[] password)
                      throws PasswordInvalidException,
                             UserIDInvalidException,
                             AuthenticationFailedException

This method checks whether the supplied username and password is valid against the current WAS user registry. It returns

• true if the username and password combination is correct

If the username and password combination is incorrect or authentication fails for any reason, or if there are problems with the parameters, an Exception is thrown

Parameters:

userID - The user id of the user.

password - The password of the user represented as an array of characters.

Returns:

true if the username and password are valid or throws an Exception if not

Throws:

PasswordInvalidException - Thrown if the password is null or empty.

UserIDInvalidException - Thrown if the user id is null or empty.

AuthenticationFailedException - Thrown if the authentication failed for some other reason.