InfoCenter Home >
5: Securing applications -- special topics >
5.7: The Secure Association Service (SAS) >
5.7.6: Introduction to SAS programming >
5.7.6.2: Extracting credentials from a thread >
5.7.6.2.2: Client-side programmatic login

5.7.6.2.2: Client-side programmatic login

Client-side programmatic login allows the programmer to control when a user is prompted for the user ID and password used in constructing basic-authentication credentials. Without programmatic login, WebSphere Application Server security automatically prompts the user when the first method is invoked at a secured server. Clients that can use this technique are Java clients and servlets that access enterprise beans on other servers.

On the client side, the basic-authentication credentials are maintained in the Current object on the client's thread of execution.

The LoginHelper class is a WebSphere-provided utility class that provides wrappers around CORBA security methods. It can be used by pure Java clients that need the ability to programmatically authenticate users but don't need to use the authentication data on the client side. It provides the request_login method, which is used by the Security Service to get login information from the client (or server) if the required credentials are not available.

A LoginHelper object can be used to obtain the user information with which to perform a login; that is, it can be used to collect the information needed for a basic-authorization credential. It is typically implemented to present a login pop-up. An instance of the LoginHelper object can be created at any time. The Security Service can provide different implementations of this object for different conditions, but the actual implementation class used by the Security Service is directly coded into the service, to prevent tampering.

The example code illustrates how to get a reference to a LoginHelper object from a Current object, how to create a basic-authorization credential, and how to set the credential onto the Current object for propogation to a server or other access. For more information on programmatic login, see 5.4: Using programmatic and custom login.

A LoginHelper wrapper class is provided to simplify the use of the SAS programming model. For information on this LoginHelper wrapper class, see 5.4.1.2: The LoginHelper Class. SAS also has a LoginHelper class but it provides lower level login functionality. It only actually does the login and does not have any other helper methods included to manipulate the credentials like the one mentioned in section 5.4.1.2.

...
// Get the security Current object.
...
if (current != null)
{
// Get a handle to LoginHelper from the Current object.
com.ibm.IExtendedSecurity._LoginHelper loginHelper = current.login_helper();

// Construct a basic-authorization credential for
// later authentication by the server.
org.omg.SecurityLevel2.Credentials credentials =
loginHelper.request_login(security_name,
realm_name,
password,
new org.omg.SecurityLevel2.CredentialsHolder(),
new org.omg.Security.OpaqueHolder());

// Set the credentials for outbound requests.
current.set_credentials(org.omg.Security.CredentialType.SecInvocationCredentials, credentials);
...
}
Go to previous article: SAS Programming/Credentials Go to next article: Server-side programmatic login

 

 
Go to previous article: SAS Programming/Credentials Go to next article: Server-side programmatic login