com.ibm.portal.auth
Interface ExplicitLoginFilter
- All Superinterfaces:
- SecurityFilter
public interface ExplicitLoginFilter
- extends SecurityFilter
This interface can be implemented to realize a custom element in the filter chain for the explicit
Portal login with user id and password.
The login method can then be used to add additional login logic before or after calling the next
login filter chain element by invoking the login method on the ExplicitLoginFilterChain
passed in as the last argument. The order of the login filter elements is defined by the login.explicit.filterchain
property in the Portal Authentication Service. The default filter implementation is always set as the last element in the chain
and performs the necessary steps to login the user both in WAS and in Portal according to the configuration.
Each login filter is instantiated as a singleton, so the implementor must make sure that
the login(HttpServletRequest, HttpServletResponse, String, char[], FilterChainContext, Subject, String, ExplicitLoginFilterChain)
method is thread-safe. The SecurityFilter.init(SecurityFilterConfig)
method is called once during Portal startup and gets the
values of all properties of the Portal Authentication Service that start with
filterchain.properties.<fully qualified classname of the implementing class>
passed in with the
SecurityFilterConfig
object. The SecurityFilter.destroy()
method is called once when Portal is shut down.
NOTE: This API may only be used in the scope of an HTTP request in WebSphere Portal, i.e. within a theme.
The API can not be invoked directly by a custom servlet.
- Since:
- 6.1
Method Summary |
void |
login(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
java.lang.String userID,
char[] password,
FilterChainContext portalLoginContext,
javax.security.auth.Subject subject,
java.lang.String realm,
ExplicitLoginFilterChain chain)
Can be used to implement custom login code for the explicit Portal login by user id and password. |
login
void login(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
java.lang.String userID,
char[] password,
FilterChainContext portalLoginContext,
javax.security.auth.Subject subject,
java.lang.String realm,
ExplicitLoginFilterChain chain)
throws javax.security.auth.login.LoginException,
com.ibm.websphere.security.WSSecurityException,
PasswordInvalidException,
UserIDInvalidException,
AuthenticationFailedException,
AuthenticationException,
SystemLoginException,
LoginException
- Can be used to implement custom login code for the explicit Portal login by user id and password.
The implementation should call the corresponding
login method on the next element in the login chain by invoking the login method on the last
argument passed in.
- Parameters:
req
- The servlet request.resp
- The servlet response. The implementor must not send a redirect
on this object, but use the FilterChainContext
object passed in as
an argument to set a redirect target to be executed after the filter chain
has been processed.userID
- The user id of the user the login is performed for.password
- The password that has been typed in for the login.portalLoginContext
- A FilterChainContext
object that can be used to share information between the login filter
implementations. If the login filter chain has been invoked by the LoginService
it contains a Boolean
value for the com.ibm.portal.portlet.service.login.LoginService.DO_RESUME_SESSION
propertysubject
- The security subject that can be passed in by the LoginService
.
Credentials and principals added to this subject will end up in the user's security context.
Can be null.realm
- A string identifying the current user realm. Can be null if multiple realms are not enabled or the user realm could not be retrieved.chain
- The reference to the login filter chain that has to be used to call the login method
of the next login filter chain element.
- Throws:
javax.security.auth.login.LoginException
- The java login exception that can be thrown by WAS when creating or invoking
the login context.
com.ibm.websphere.security.WSSecurityException
- This exception can be thrown by WAS when setting the security
subject.
PasswordInvalidException
- Thrown if the password is null or empty.
UserIDInvalidException
- Thrown if the user id is null or empty.
AuthenticationFailedException
- Thrown if the Authentication failed for some other reason.
AuthenticationException
- Thrown if the Authentication failed for some other reason.
SystemLoginException
- Thrown when an unrecoverable problem occurred within Portal during Login.
LoginException
- This generic exception is thrown for all
kinds of other exceptions that can occur during the login process.