Step by Step creating a custom authentication filter in WebSphere Portal

Types of authentication filter

Explicit login: This is a login by user name and password, as represented by the interface com.ibm.portal.auth.ExplicitLoginFilter. For example, this can be a login by using the login portlet or the login URL.

Implicit login: For example, this can be when a user is already authenticated by WAS, but not yet to Portal. This is represented by the interface com.ibm.portal.auth.ImplicitLoginFilter.

Explicit logout: This means that the user triggers a logout action directly, for example by clicking the Logout button in the user interface. This is represented by the interface com.ibm.portal.auth.ExplicitLogoutFilter.

Implicit logout: For example, this can be after a session timeout, or if an authenticated user accesses a public page, or if the user navigates to a virtual portal without being a member of the associated user realm. This is represented by the interface com.ibm.portal.auth.ImplicitLogoutFilter.

Session Timeout: This is called immediately after an idle timeout of the user session occurred. This is represented by the interface com.ibm.portal.auth.SessionTimeoutFilter.

Session Validation: This is called for every request before actions are triggered and the page is rendered. This is represented by the interface com.ibm.portal.auth.SessionValidationFilter.

Steps to be followed to Create Custom Filter

To create a custom authentication filter, follow these steps:

1. Implement one of the available 6 filter interfaces.
2. Export your implementation as a JAR onto the Portal class path, for example, profile_root/shared/app.
3. Complete the following steps to register the filter in WebSphere Application Server:
  • Log in to the WebSphere Application Server Integrated Solutions Console as an Administrator.
  • Select Resources->Resource Environment Providers->WP AuthenticationService->Custom properties.
  • Add a new entry to register your custom filter, as described under "Registering the service" below.
4. Restart WebSphere Portal for the changes to take effect.

Creating Custom Explicit LoginFilter

package com.sample.login.filter;

import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.portal.auth.ExplicitLoginFilter;
import com.ibm.portal.auth.ExplicitLoginFilterChain;
import com.ibm.portal.auth.FilterChainContext;
import com.ibm.portal.auth.exceptions.*;
import com.ibm.portal.security.SecurityFilterConfig;
import com.ibm.portal.security.exceptions.SecurityFilterInitException;
import com.ibm.websphere.security.WSSecurityException;

public class TestExplictFilter implements ExplicitLoginFilter {

    public void destroy() {}

    public void init(SecurityFilterConfig arg0) throws SecurityFilterInitException {}

    public void login(HttpServletRequest req, HttpServletResponse resp, String userID,
            char[] password, FilterChainContext portalLoginContext, Subject subject,
            String realm, ExplicitLoginFilterChain chain)
            throws javax.security.auth.login.LoginException, WSSecurityException,
            PasswordInvalidException, UserIDInvalidException, AuthenticationFailedException,
            AuthenticationException, SystemLoginException,
            com.ibm.portal.auth.exceptions.LoginException {
        // First call the next filter in the chain to pass on the login information.
        // A failed login propagates to the portal instead of being swallowed here.
        chain.login(req, resp, userID, password, portalLoginContext, subject, realm);

        // Reached only after the chain completed without an exception.
        System.out.println("RedirectURL=" + portalLoginContext.getRedirectURL());
        // Print the user ID, never the password: credentials must not end up in log files.
        System.out.println("UserID=" + userID);
    }
}

Registering the service

  • Open the WAS console and navigate to Resources -> Resource Environment Providers -> WP AuthenticationService -> Custom Properties

  • Create a new property with the following details.
Name: login.explicit.filterchain
Value: com.sample.login.filter.TestExplictFilter
  • Click Save to save the configuration, then log in to the portal server to hit the filter.
  • The output of the filter can be checked in the System.out logs.
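A filter on the explicit login chain is also a natural place to record login outcomes for later review. The following is an added example, not code from the original post: the class name AuditExplicitLoginFilter is hypothetical, the package is the one used in the registration value above, and it relies only on the interfaces already shown plus java.util.logging.

```java
package com.sample.login.filter; // same package as the registered class above

import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.portal.auth.ExplicitLoginFilter;
import com.ibm.portal.auth.ExplicitLoginFilterChain;
import com.ibm.portal.auth.FilterChainContext;
import com.ibm.portal.auth.exceptions.*;
import com.ibm.portal.security.SecurityFilterConfig;
import com.ibm.portal.security.exceptions.SecurityFilterInitException;
import com.ibm.websphere.security.WSSecurityException;

// Hypothetical class name; an added example, not part of the original post.
public class AuditExplicitLoginFilter implements ExplicitLoginFilter {
    private static final Logger LOG = Logger.getLogger(AuditExplicitLoginFilter.class.getName());

    public void init(SecurityFilterConfig config) throws SecurityFilterInitException {}

    public void destroy() {}

    public void login(HttpServletRequest req, HttpServletResponse resp, String userID,
            char[] password, FilterChainContext portalLoginContext, Subject subject,
            String realm, ExplicitLoginFilterChain chain)
            throws javax.security.auth.login.LoginException, WSSecurityException,
            PasswordInvalidException, UserIDInvalidException, AuthenticationFailedException,
            AuthenticationException, SystemLoginException,
            com.ibm.portal.auth.exceptions.LoginException {
        boolean succeeded = false;
        try {
            // Delegate to the rest of the chain; any exception propagates unchanged.
            chain.login(req, resp, userID, password, portalLoginContext, subject, realm);
            succeeded = true;
        } finally {
            // Record the outcome only. The password is never written to the log.
            LOG.log(succeeded ? Level.INFO : Level.WARNING,
                    "explicit login {0}: user={1} realm={2} remote={3}",
                    new Object[] { succeeded ? "succeeded" : "failed",
                            clean(userID), clean(realm), req.getRemoteAddr() });
        }
    }

    // The user ID comes from the login form: replace control characters so a
    // crafted value cannot forge extra lines in the log.
    private static String clean(String value) {
        return value == null ? "-" : value.replaceAll("\\p{Cntrl}", "_");
    }
}
```

To use it, set the value of the login.explicit.filterchain property to com.sample.login.filter.AuditExplicitLoginFilter in the same way as shown above.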