Example of a Protected JSP Page

The following code illustrates a JavaServer Page (JSP) with the login and logout functionality. This page has a section that can be viewed only by authenticated users. This code uses the Single Sign On interface of Access Manager.

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="com.iplanet.sso.*"%>
<h1>AuthTest</h1>

<p>
 <a href="http://ipp-node11.czech.sun.com/amserver/UI/Login?org=dc%3Dczech%2C
dc%3Dsun%2Cdc%3Dcom&goto=/test.jsp&gotoOnFail=/error.jsp">Login</a>
|
 <a href="http://ipp-node11.czech.sun.com/amserver/UI/Logout?
goto=/test.jsp">Logout</a>
</p>

<%
SSOTokenManager ssoManager = SSOTokenManager.getInstance();
SSOToken ssoToken = null;
String orgName = "";

boolean ok = false;
try{
    ssoToken = ssoManager.createSSOToken(request);
}
catch(Exception e) {
    out.write("<p>Exception! "+e+"</p>");
}

if (ssoToken != null && ssoManager.isValidToken(ssoToken)) {
%>
<p>Access allowed!</p>
<%
}
else {
%>
<p>Access denied!</p>
<%
}
%>

In the above code, the login and logout links use the web interface of Access Manager to verify the username and password of users. The remaining part of the code checks if the HTTP request contains a valid SSO token. If a valid SSO token is found, the user is authenticated and access is allowed.

For more details, see the following guides:

• Sun Java System Access Manager 7.1 Documentation Collection

• Sun Java System Access Manager 7.1 Administration Guide

• Sun Java System Access Manager 7.1 Java API Reference