The $WSHOME/WEB-INF/web.xml file contains the definition of the Service Provider Authentication/Authorization filter. This filter handles authentication and ensures that protected pages can only be accessed after successful authentication. If a client attempts to access a protected page without proper authentication, the filter redirects the client to the login page.
The Service Provider Authentication/Authorization filter defines the following parameters. Note that the parameters that specify a directory or page must include the path to the web application.
Name | Default Value | Description |
---|---|---|
protected-pages-path | /spe/user/protected | The full path for pages that require authentication. Pages that do not require authentication should not be placed in this directory. |
login-page | /spe/user/Login.do | The full path to the login page where the user is redirected when attempting to access a protected page without proper authentication. |
profile-locked-page | /spe/user/ProfileLocked.do | The full path to the page that is displayed when a user attempts to log in while the account is locked. |
profile-has-been-locked-page | /spe/user/ProfileHasBeenLocked.do | The full path to the page that is displayed when a user exceeds the maximum number of failed login attempts. |
preserve-query-string | true | Indicates whether to preserve the query string when a user is redirected to the login page. The allowed values are true or false. |
See Account and Password Policies for information about implementing lockout policies in Service Provider.
The protected-pages-path parameter in the web.xml file specifies the directory in which pages that need authentication must reside. Public pages must reside in a different location.
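The following added example (not part of the product or its documentation) audits a filter definition against the rules stated above: path parameters are absolute, the login and lockout pages sit outside protected-pages-path, and preserve-query-string is true or false. The web.xml fragment is constructed, and its filter-name and filter-class values are placeholders rather than the product's real names.

```python
import xml.etree.ElementTree as ET

# Constructed sample. filter-name and filter-class are placeholders, not real product names.
SAMPLE_WEB_XML = """<web-app><filter>
  <filter-name>example-auth-filter</filter-name>
  <filter-class>example.PlaceholderFilter</filter-class>
  <init-param><param-name>protected-pages-path</param-name><param-value>/spe/user/protected</param-value></init-param>
  <init-param><param-name>login-page</param-name><param-value>/spe/user/Login.do</param-value></init-param>
  <init-param><param-name>profile-locked-page</param-name><param-value>/spe/user/ProfileLocked.do</param-value></init-param>
  <init-param><param-name>profile-has-been-locked-page</param-name><param-value>/spe/user/ProfileHasBeenLocked.do</param-value></init-param>
  <init-param><param-name>preserve-query-string</param-name><param-value>true</param-value></init-param>
</filter></web-app>"""

# Pages an unauthenticated user must be able to reach, so they must be public.
PUBLIC_PAGE_PARAMS = ("login-page", "profile-locked-page", "profile-has-been-locked-page")

def _local(tag):
    """Strip an XML namespace so the audit works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def filter_params(web_xml, filter_name):
    """Return the init-param name/value pairs of the named filter."""
    for elem in ET.fromstring(web_xml).iter():
        if _local(elem.tag) != "filter":
            continue
        name, params = None, {}
        for child in elem:
            if _local(child.tag) == "filter-name":
                name = (child.text or "").strip()
            elif _local(child.tag) == "init-param":
                kv = {_local(c.tag): (c.text or "").strip() for c in child}
                params[kv.get("param-name")] = kv.get("param-value", "")
        if name == filter_name:
            return params
    raise LookupError(f"filter {filter_name!r} not found")

def audit(params):
    """Return a list of findings; an empty list means the settings are consistent."""
    findings = []
    protected = params.get("protected-pages-path", "")
    if not protected.startswith("/"):
        findings.append("protected-pages-path is missing or not an absolute path")
    for key in PUBLIC_PAGE_PARAMS:
        page = params.get(key, "")
        if not page.startswith("/"):
            findings.append(f"{key} is missing or not an absolute path")
        elif protected.startswith("/") and (page + "/").startswith(protected.rstrip("/") + "/"):
            findings.append(f"{key} is inside protected-pages-path, so it would itself require authentication")
    # Assumption: an absent parameter falls back to the documented default, true.
    if params.get("preserve-query-string", "true") not in ("true", "false"):
        findings.append("preserve-query-string must be true or false")
    return findings
```
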
The following pages are provided in the $WSHOME/spe/user/protected directory by default.
- Form.jsp: Displays Waveset form output.
- Home.jsp: The content that appears on the page that is displayed after the user is successfully authenticated.
- OperationResult.jsp: Displays a successful operation message in an authenticated context, such as a successful password change.
Other customized files may be added to this directory.
See Specifying an Action Path for more information about implementing authentication with the default authentication filter.