Thursday 25 August 2011

Develop Custom Authentication filters


Types of authentication filter
  • Explicit login: A login by user name and password, for example through the login portlet or the login URL. This is represented by the interface com.ibm.portal.auth.ExplicitLoginFilter.
  • Implicit login: For example, this can be when a user is already authenticated by WAS, but not yet to Portal. This is represented by the interface com.ibm.portal.auth.ImplicitLoginFilter.
  • Explicit logout: The user triggers a logout action directly, for example by clicking the Logout button in the user interface. This is represented by the interface com.ibm.portal.auth.ExplicitLogoutFilter.
  • Implicit logout: For example, this can be after a session timeout, or if an authenticated user accesses a public page, or if the user navigates to a virtual portal without being a member of the associated user realm. This is represented by the interface com.ibm.portal.auth.ImplicitLogoutFilter.
  • Session Timeout: This is called immediately after an idle timeout of the user session has occurred. This is represented by the interface com.ibm.portal.auth.SessionTimeoutFilter.
  • Session Validation: This is called for every request before actions are triggered and the page is rendered. This is represented by the interface com.ibm.portal.auth.SessionValidationFilter.

Steps to be followed to create a custom filter
    To create a custom authentication filter, follow these steps:
    1. Implement one of the six available filter interfaces.
    2. Export your implementation as a JAR onto the Portal class path, for example, portalServer_root/shared/app.
    3. Complete the following steps to register the filter in WebSphere Application Server:
       a. Log in to the WebSphere Application Server Integrated Solutions Console as an Administrator.
       b. Select Resources->Resource Environment Providers->WPAuthenticationService->Custom properties.
       c. Add a new entry to register your custom filter.
    4. Restart WebSphere Portal for the changes to take effect.

Creating Custom ExplicitLoginFilter
    // The package matches the class name used when registering the filter.
    package com.sample.login.filter;

    import javax.security.auth.Subject;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import com.ibm.portal.auth.ExplicitLoginFilter;
    import com.ibm.portal.auth.ExplicitLoginFilterChain;
    import com.ibm.portal.auth.FilterChainContext;
    import com.ibm.portal.auth.exceptions.*;
    import com.ibm.portal.security.SecurityFilterConfig;
    import com.ibm.portal.security.exceptions.SecurityFilterInitException;
    import com.ibm.websphere.security.WSSecurityException;

    public class TestExplictFilter implements ExplicitLoginFilter {

        public void destroy() {
            // Nothing to release.
        }

        public void init(SecurityFilterConfig arg0)
                throws SecurityFilterInitException {
            // No configuration is read in this sample.
        }

        public void login(HttpServletRequest req,
                HttpServletResponse resp,
                String userID,
                char[] password,
                FilterChainContext portalLoginContext,
                Subject subject,
                String realm,
                ExplicitLoginFilterChain chain)
                throws javax.security.auth.login.LoginException,
                       WSSecurityException,
                       PasswordInvalidException,
                       UserIDInvalidException,
                       AuthenticationFailedException,
                       AuthenticationException,
                       SystemLoginException,
                       com.ibm.portal.auth.exceptions.LoginException {
            // First call the next filter in the chain to pass on the login information.
            // Login failures are declared in the throws clause and propagate to Portal;
            // catching and discarding them here would hide a failed login.
            chain.login(req, resp, userID, password, portalLoginContext, subject, realm);
            System.out.println("RedirectURL=" + portalLoginContext.getRedirectURL());
            // The password is deliberately not printed. Concatenating the char[]
            // with a String would only print the array reference (for example
            // [C@1f2e3d), and credentials do not belong in SystemOut.log.
        }

    }
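As an added example (not part of the original post and not IBM's code), the same ExplicitLoginFilter pattern can record an audit line for every explicit login attempt while leaving the outcome to the rest of the chain. The class name AuditingLoginFilter, the log message format and the 64-character cap are assumptions; the example also assumes the interface declares com.ibm.portal.auth.exceptions.LoginException, the type the page's code catches from chain.login.

```java
package com.sample.login.filter;

import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.portal.auth.ExplicitLoginFilter;
import com.ibm.portal.auth.ExplicitLoginFilterChain;
import com.ibm.portal.auth.FilterChainContext;
import com.ibm.portal.auth.exceptions.*;
import com.ibm.portal.security.SecurityFilterConfig;
import com.ibm.portal.security.exceptions.SecurityFilterInitException;
import com.ibm.websphere.security.WSSecurityException;

// Added example; AuditingLoginFilter is a hypothetical class name.
public class AuditingLoginFilter implements ExplicitLoginFilter {
    private static final Logger LOG = Logger.getLogger(AuditingLoginFilter.class.getName());

    public void init(SecurityFilterConfig config) throws SecurityFilterInitException { }
    public void destroy() { }

    // Replace control characters (CR/LF included) and cap the length so a
    // crafted user ID cannot forge or flood audit lines.
    static String clean(String s) {
        if (s == null) return "-";
        String t = s.replaceAll("\\p{Cntrl}", "_");
        return t.length() > 64 ? t.substring(0, 64) + "..." : t;
    }

    public void login(HttpServletRequest req, HttpServletResponse resp, String userID,
            char[] password, FilterChainContext portalLoginContext, Subject subject,
            String realm, ExplicitLoginFilterChain chain)
            throws javax.security.auth.login.LoginException, WSSecurityException,
                   PasswordInvalidException, UserIDInvalidException,
                   AuthenticationFailedException, AuthenticationException,
                   SystemLoginException, com.ibm.portal.auth.exceptions.LoginException {
        String who = "user=" + clean(userID) + " realm=" + clean(realm)
                + " addr=" + req.getRemoteAddr();
        boolean ok = false;
        try {
            // The password is passed down the chain untouched and never logged.
            chain.login(req, resp, userID, password, portalLoginContext, subject, realm);
            ok = true;
        } finally {
            // finally without catch: every exception still reaches Portal unchanged.
            if (ok) LOG.info("LOGIN_OK " + who);
            else LOG.warning("LOGIN_FAILED " + who);
        }
    }
}
```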

Registering the service

    Name: login.explicit.filterchain
    Value: com.sample.login.filter.TestExplictFilter

After login using the Login Portlet:



2 comments:

  1. Hi, I'm using WAS 8.0.0.6. Is there another configuration for this version? When I did these steps I got the following error in the Portal page: Error 500: javax.servlet.ServletException: Filter [PreviewFilter]: could not be initialized. Regards

  2. Hi, how can I decode this password?
