Monday 29 August 2011

Login Service SPI

The public login portlet service introduced with WebSphere Portal V6.0.1 (interface com.ibm.portal.portlet.service.login.LoginService) can be used to trigger a form-based login to WebSphere Portal from any portlet .This service is useful in a couple of different scenarios in which the following conditions apply:
·      It is necessary to enhance the login portlet by additional elements, for example, a custom form, additional input elements, or enhanced portlet functionality.
  • The user input or parts of it need to be modified by some logic before being passed to the actual login.
  • You want to propagate information from the user interface to the actual login, for example, in the javax.security.auth.Subject object passed on to the Java™ Authentication and Authorization Service (JAAS) login or the login context that is passed to the ExplicitLoginFilter elements introduced with WebSphere Portal V6.1
  • You want to influence the login portlet’s behavior in reaction to particular errors that might occur during the login, for example, a redirect operation to a dedicated page to change the password after the login failed, indicating that the password expired. 
Operation of Login Service

An instance of the com.ibm.portal.portlet.service.login.LoginService is retrieved for FavouriteLogin Portlet request and response pair using the com.ibm.portal.portlet.service.login.LoginHome interface, which can be looked up using Java Naming and Directory Interface (JNDI) once (for example, during portlet initialization).The service provides one method to trigger a login that takes the user ID, password, a mandatory java.util.Map object that holds context information, and an optional prefilled javax.security.auth.Subject object. 

The login method defines a couple of exceptions to distinguish several error conditions that can cause the login to fail and might be handled appropriately in the portlet. Additionally, the interface defines a constant DO_RESUME_SESSION_KEY to be used as a key to store a java.lang.Boolean object to indicate whether the portal should perform a session resume. If an error occurs during login, the portlet renders the view with the login form again, additionally displaying the message of the error on the top.If there is no error in login, user is authenticated and redirected to protected page.(from /portal to /myportal)



For redirecting to a custom page after logging(using login service),please refer to my article.

Download the code

Posted by Dillibabu at 09:24

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)