Sun Java System Web Server 6.1 SP12 Programmer's Guide to Web Applications

Programmatic Login

Programmatic login allows a deployed J2SE application to invoke a login method. If the login is successful, a SecurityContext is established as if the client had authenticated using any of the conventional J2SE mechanisms.

Programmatic login is useful for an application with unique needs that cannot be accommodated by any of the J2SE standard authentication mechanisms.

This section discusses the following topics:

Precautions

The Sun Java System Web Server is not involved in how the login information (user name and password) is obtained by the deployed application. Programmatic login places the burden on the application developer with respect to assuring that the resulting system meets security requirements. If the application code reads the authentication information across the network, it is up to the application to determine whether to trust the user.

Programmatic login allows the application developer to bypass the application server-supported authentication mechanisms and feed authentication data directly to the security service. While flexible, this capability should not be used without some understanding of security issues.

Since this mechanism bypasses the container-managed authentication process and sequence, the application developer must be very careful in making sure that authentication is established before accessing any restricted resources or methods. It is also the application developer's responsibility to verify the status of the login attempt and to alter the behavior of the application accordingly.

The programmatic login state does not necessarily persist in sessions or participate in single sign-on.

Lazy authentication is not supported for programmatic login. If an access check is reached and the deployed application has not properly authenticated using the programmatic login method, access is denied immediately and the application may fail if not properly coded to account for this occurrence.

Granting Programmatic Login Permission

The ProgrammaticLoginPermission permission is required to invoke the programmatic login mechanism for an application. This permission is not granted by default to deployed applications because this is not a standard J2SE mechanism.

To grant the required permission to the application, add the following to the instance_dir/config/server.policy file:

grant codeBase "file:jar_file_path" {
    permission com.sun.appserv.security.ProgrammaticLoginPermission "login";
};

The jar_file_path is the path to the application's JAR file.

For more information about the server.policy file, see The server.policy File.

The ProgrammaticLogin Class

The com.sun.appserv.security.ProgrammaticLogin class enables a user to perform login programmatically.

The login method for servlets or JSPs has the following signature:

public Boolean login(String user, String password,
                     javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response)

This method:
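As an added example that is not from the guide, the following servlet obtains the credentials itself, calls this login method, and serves the restricted content only after checking the returned Boolean, as the precautions above require. The servlet class, its request parameters and the exception handling are assumptions; the block assumes ProgrammaticLoginPermission has already been granted to the application in server.policy.

```java
// Added example, not from the guide: a servlet that performs programmatic login
// and refuses to serve restricted content unless the login succeeded.
// Assumes ProgrammaticLoginPermission "login" is granted in server.policy.
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.sun.appserv.security.ProgrammaticLogin;

public class ProgrammaticLoginServlet extends HttpServlet {

    private final ProgrammaticLogin programmaticLogin = new ProgrammaticLogin();

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The web server is not involved in collecting these credentials;
        // the application decides whether the source is trustworthy.
        String user = request.getParameter("user");
        String password = request.getParameter("password");
        if (user == null || password == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        Boolean loggedIn;
        try {
            loggedIn = programmaticLogin.login(user, password, request, response);
        } catch (RuntimeException e) {
            // Assumption: a missing ProgrammaticLoginPermission surfaces as an
            // unchecked exception; treat it as a server-side failure, not as a login.
            log("Programmatic login could not be performed", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }

        // Verify the outcome before touching anything restricted: lazy
        // authentication is not supported, so an unverified login means denial.
        if (loggedIn == null || !loggedIn.booleanValue()) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // The programmatic login state need not persist in the session or take
        // part in single sign-on, so each request that needs it re-checks it.
        response.setContentType("text/plain");
        response.getWriter().println("Logged in as " + user);
    }
}
```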