com.ibm.portal.auth
Interface ImplicitLoginFilter
- All Superinterfaces:
- SecurityFilter
public interface ImplicitLoginFilter
- extends SecurityFilter
This interface can be implemented to realize a custom element in the login filter chain for the implicit Portal login,
i.e. the case that a user who is already authenticated by WAS accesses a protected Portal page without a Portal session.
This also matches to the case that Portal is configured for resuming sessions after an idle timeout.
The login method can then be used to add additional login logic before or after calling the next
login filter chain element by invoking the login method on the ImplicitLoginFilterChain
passed in as the last argument. The order of the login filter elements is defined by the login.implicit.filterchain
property in the Portal Authentication Service. The default filter implementation is always set as the last element in the chain
and performs the necessary steps to login the user in Portal based on the existing WAS security context.
Each login filter is instantiated as a singleton, so the implementor must make sure that
the login(HttpServletRequest, HttpServletResponse, FilterChainContext, String, ImplicitLoginFilterChain)
method is thread-safe. The SecurityFilter.init(SecurityFilterConfig) method is called once during Portal startup and gets the
values of all properties of the Portal Authentication Service that start with
filterchain.properties.<fully qualified classname of the implementing class> passed in with the
SecurityFilterConfig object. The SecurityFilter.destroy() method is called once when Portal is shut down.
NOTE: This API may only be used in the scope of an HTTP request in WebSphere Portal, i.e. within a theme.
The API can not be invoked directly by a custom servlet.
- Since:
- 6.1
|
Method Summary |
void |
login(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
FilterChainContext portalLoginContext,
java.lang.String realm,
ImplicitLoginFilterChain chain)
Can be used to implement custom login code for the implicit login. |
login
void login(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
FilterChainContext portalLoginContext,
java.lang.String realm,
ImplicitLoginFilterChain chain)
throws javax.security.auth.login.LoginException,
com.ibm.websphere.security.WSSecurityException,
SessionTimeOutException,
AuthenticationFailedException,
AuthenticationException,
SystemLoginException,
LoginException
- Can be used to implement custom login code for the implicit login. The implementation should call the corresponding
login method on the next element in the login chain by invoking the login method on the last
argument passed in.
- Parameters:
req - The servlet request.resp - The servlet response. The implementor must not send a redirect
on this object, but use the FilterChainContext object passed in as
an argument to set a redirect target to be executed after the filter chain
has been processed.portalLoginContext - A FilterChainContext object that can be used to share information between the login filter
implementations.realm - A string identifying the current user realm. Can be null if multiple realms are not enabled or the user realm could not be retrieved.chain - The reference to the login filter chain that has to be used to call the login method
of the next login filter chain element.
- Throws:
javax.security.auth.login.LoginException - The java login exception that can be thrown by WAS when creating or invoking
the login context for the Portal JAAS login.
com.ibm.websphere.security.WSSecurityException - This exception can be thrown by WAS when retrieving the security
subject.
SessionTimeOutException - To be thrown if the user did not log out the last time he accessed Portal.
This does currently not happen as the session timeout is handled internally in Portal.
AuthenticationFailedException - Thrown if the Authentication failed for some other reason.
AuthenticationException - Thrown if the Authentication failed for some other reason.
SystemLoginException - Thrown when an unrecoverable problem occurred within Portal during Login.
LoginException - This generic exception is thrown for all
kinds of other exceptions that can occur during the login process.