Ranieri Mazili Ranieri Mazili - 2 months ago 9
Java Question

How to create login page that uses websphere repositories?

I want to create a simple JSP/Servlet login page that authenticate using websphere ldap repository.
All examples I've found looks very complex, with hundreds of lines of code just to authenticate.

Is this really so complex?

Does anyone have a simple example or article that explains how to authenticate a user/pass against a ldap repository already configured as websphere federated repository?

I really appreciate any help.
Thanks

Gas Gas
Answer

This is quit simple in reality. You need following pieces:

1) Login page with form that points to j_security_check See this page for details Customizing web application login

Very simplified example is like this:

<form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="text" name="j_password" autocomplete="off"> 
<\form>

2) Security configured in web.xml

Something like this:

<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp</form-error-page>
</form-login-config>
</login-config>

plus security constraint:

<security-constraint>
        <display-name>allResources</display-name>
        <web-resource-collection>
            <web-resource-name>allResources</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>users</role-name>
        </auth-constraint>
    </security-constraint>

3) Application security enabled on the application server and user registry configured.

That's it.