Friday, April 11, 2014

Create custom Authentication Filters for WebSphere Portal 7/8


Portal authentication filters are used to intercept the portal login, logout or session timeout and run custom code, for example redirecting the user to a specific landing page based on the user's roles instead of the homepage.

Portal authentication filters use the same pattern as servlet filters.

Available authentication filter chains
The filter chain concept is applied to six types of events that concern the flows of Portal login, logout, and session handling. This provides a flexible way to plug custom logic into each of those flows. In particular, there are filter chains for the following events:
  • Explicit login: This is a login by user name and password as represented by the interface com.ibm.portal.auth.ExplicitLoginFilter. For example, this can be a login by using the login portlet or the login URL.
  • Implicit login: For example, this can be when a user is already authenticated by WAS, but not yet to Portal. This is represented by the interface com.ibm.portal.auth.ImplicitLoginFilter.
  • Explicit logout: This means that the user triggers a logout action directly, for example by clicking the Logout button in the user interface. This is represented by the interface com.ibm.portal.auth.ExplicitLogoutFilter.
  • Implicit logout: For example, this can be after a session timeout, or if an authenticated user accesses a public page, or if the user navigates to a virtual portal without being member of the associated user realm. This is represented by the interface com.ibm.portal.auth.ImplicitLogoutFilter.
  • Session Timeout: This is called immediately after an idle timeout of the user session occurred. This is represented by the interface com.ibm.portal.auth.SessionTimeoutFilter.
  • Session Validation: This is called for every request before actions are triggered and the page is rendered. This is represented by the interface com.ibm.portal.auth.SessionValidationFilter.
Except for the session timeout filter, each of the previous filters has access to the HTTP request and response objects. A special context object can be used to share information between filters and to set redirects that are executed after the filter chain has been processed. For more detailed information about each of the filters and the filter chain interfaces, see the documentation for both WebSphere® Portal and the API JavaDoc. For a filter chain example, see the topic "Example of a custom authentication filter".

Steps for creating Authentication filters.

In RAD, create a Java project, for example TestAuthfilters, and implement one of the six filters.
Add the below 4 jars to your project's build path.


Below is the sample code to implement custom Explicit login filter.

package com.test.authfilters;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.ibm.portal.auth.ExplicitLoginFilter;
import com.ibm.portal.auth.ExplicitLoginFilterChain;
import com.ibm.portal.auth.FilterChainContext;
import com.ibm.portal.auth.exceptions.AuthenticationException;
import com.ibm.portal.auth.exceptions.AuthenticationFailedException;
import com.ibm.portal.auth.exceptions.PasswordInvalidException;
import com.ibm.portal.auth.exceptions.SystemLoginException;
import com.ibm.portal.auth.exceptions.UserIDInvalidException;
import com.ibm.portal.security.SecurityFilterConfig;
import com.ibm.portal.security.exceptions.SecurityFilterInitException;
import com.ibm.websphere.security.WSSecurityException;

public class TestExplicitLoginFilter implements ExplicitLoginFilter {

      @Override
      public void login(HttpServletRequest req, HttpServletResponse resp,
                  String userid, char[] password, FilterChainContext portalLoginContext, Subject subject,
                  String realm, ExplicitLoginFilterChain chain) throws LoginException,
                  WSSecurityException, PasswordInvalidException,
                  UserIDInvalidException, AuthenticationFailedException,
                  AuthenticationException, SystemLoginException,
                  com.ibm.portal.auth.exceptions.LoginException {

            // Run the rest of the chain first. A failed login throws here,
            // so the redirect below is only set for an authenticated user.
            chain.login(req, resp, userid, password, portalLoginContext, subject, realm);

            // Pick the landing page. The redirect is stored on the filter chain
            // context and executed after the whole chain has been processed.
            if ("paul".equals(userid)) {
                  portalLoginContext.setRedirectURL("/wps/myportal/pageA");
            } else {
                  portalLoginContext.setRedirectURL("/wps/myportal/pageB");
            }
      }

      @Override
      public void destroy() {
            // Nothing to clean up in this sample.
      }

      @Override
      public void init(SecurityFilterConfig arg0)
                  throws SecurityFilterInitException {
            // No configuration is read in this sample.
      }

}
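
The sample above keys the redirect on a single user ID, while the introduction describes choosing the landing page from the user's roles. The following added example (not code from the original post or from IBM) shows that selection as a plain Java helper; the class name LandingPageResolver, the group names and the way the user's group names reach it are assumptions, and every redirect target is a fixed portal-relative path that is checked when it is registered.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Hypothetical helper, not part of the Portal API. Written for Java 6.
public final class LandingPageResolver {

    // Assumption: the portal is served under the context path used on this page.
    private static final String PORTAL_PREFIX = "/wps/myportal/";

    private final String defaultPage;
    // Insertion-ordered: the first registered group the user belongs to wins.
    private final Map<String, String> pageByGroup = new LinkedHashMap<String, String>();

    public LandingPageResolver(String defaultPage) {
        this.defaultPage = requireSafe(defaultPage);
    }

    public LandingPageResolver map(String group, String page) {
        pageByGroup.put(group, requireSafe(page));
        return this;
    }

    // Returns the page for the first matching group, else the default page.
    public String resolve(Set<String> userGroups) {
        if (userGroups != null) {
            for (Map.Entry<String, String> e : pageByGroup.entrySet()) {
                if (userGroups.contains(e.getKey())) {
                    return e.getValue();
                }
            }
        }
        return defaultPage;
    }

    // Only fixed, server-relative portal paths are accepted as redirect targets:
    // no scheme or host ("//"), no parent-directory segments, no backslashes.
    private static String requireSafe(String page) {
        if (page == null || !page.startsWith(PORTAL_PREFIX) || page.contains("//")
                || page.contains("..") || page.contains("\\")) {
            throw new IllegalArgumentException("Not a portal-relative path: " + page);
        }
        return page;
    }

    public static void main(String[] args) {
        LandingPageResolver r = new LandingPageResolver("/wps/myportal/pageB")
                .map("managers", "/wps/myportal/pageA"); // constructed group name
        Set<String> groups = new HashSet<String>(Arrays.asList("staff", "managers"));
        System.out.println(r.resolve(groups));
        System.out.println(r.resolve(new HashSet<String>(Arrays.asList("staff"))));
    }
}
```

The string returned by resolve() is what the filter would set as its redirect URL after chain.login returns; because targets are registered in code and never read from the request, the filter cannot be steered to an external URL.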


Registering the authentication filters.
Log in to the WAS Integrated Solutions Console.
Under Resources -> Resource Environment -> Resource Environment Providers, click WP_AuthenticationService -> Custom properties.
Select New.
Enter the below values:
Name: login.explicit.filterchain
Value: com.test.authfilters.TestExplicitLoginFilter

Click Apply and save the changes.
Now export your project as a jar and copy it to the portalServer_root/shared/app folder.
Restart the portal server for these changes to take effect.