Create custom authentication filters for WebSphere Portal 7/8
Portal authentication filters are used to intercept the portal login, logout or session timeout and run custom code, for example redirecting the user to a specific landing page based on the user's roles instead of the homepage.
Portal authentication filters use the same pattern as servlet filters.
Available authentication filter chains
The filter chain concept described in the previous section is applied to six types of events that concern the flows of Portal login, logout, and session handling. This provides a flexible approach to plug custom logic into each of those flows. In particular, there are filter chains for the following events:
- Explicit login: This is a login by user name and password as represented by the interface com.ibm.portal.auth.ExplicitLoginFilter. For example, this can be a login by using the login portlet or the login URL.
- Implicit login: For example, this can be when a user is already authenticated by WAS, but not yet to Portal. This is represented by the interface com.ibm.portal.auth.ImplicitLoginFilter.
- Explicit logout: This means that the user triggers a logout action directly, for example by clicking the Logout button in the user interface. This is represented by the interface com.ibm.portal.auth.ExplicitLogoutFilter.
- Implicit logout: For example, this can be after a session timeout, or if an authenticated user accesses a public page, or if the user navigates to a virtual portal without being a member of the associated user realm. This is represented by the interface com.ibm.portal.auth.ImplicitLogoutFilter.
- Session Timeout: This is called immediately after an idle timeout of the user session occurred. This is represented by the interface com.ibm.portal.auth.SessionTimeoutFilter.
- Session Validation: This is called for every request before actions are triggered and the page is rendered. This is represented by the interface com.ibm.portal.auth.SessionValidationFilter.
Except for the session timeout filter, each of the previous filters has access to the HTTP request and response objects. A special context object can be used to share information between filters and to set redirects that are executed after the filter chain has been processed. For more detailed information about each of the filters and the filter chain interfaces, see the documentation for both WebSphere® Portal and the API JavaDoc. For a filter chain example, see the topic with the Example of a custom authentication filter.
Steps for creating authentication filters
In RAD (Rational Application Developer), create a Java project, for example TestAuthfilters, and implement one of the six filters.
Add the following 4 JARs to your project's build path.
Below is sample code that implements a custom explicit login filter.
    package com.test.authfilters;

    import javax.security.auth.Subject;
    import javax.security.auth.login.LoginException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import com.ibm.portal.auth.ExplicitLoginFilter;
    import com.ibm.portal.auth.ExplicitLoginFilterChain;
    import com.ibm.portal.auth.FilterChainContext;
    import com.ibm.portal.auth.exceptions.AuthenticationException;
    import com.ibm.portal.auth.exceptions.AuthenticationFailedException;
    import com.ibm.portal.auth.exceptions.PasswordInvalidException;
    import com.ibm.portal.auth.exceptions.SystemLoginException;
    import com.ibm.portal.auth.exceptions.UserIDInvalidException;
    import com.ibm.portal.security.SecurityFilterConfig;
    import com.ibm.portal.security.exceptions.SecurityFilterInitException;
    import com.ibm.websphere.security.WSSecurityException;

    public class TestExplicitLoginFilter implements ExplicitLoginFilter {

        public void login(HttpServletRequest req, HttpServletResponse resp,
                String userid, char[] password,
                FilterChainContext portalLoginContext, Subject subject,
                String realm, ExplicitLoginFilterChain chain)
                throws LoginException, WSSecurityException,
                PasswordInvalidException, UserIDInvalidException,
                AuthenticationFailedException, AuthenticationException,
                SystemLoginException,
                com.ibm.portal.auth.exceptions.LoginException {

            // Pass the login down the chain first. A failed login throws,
            // so the redirect below is only set for an authenticated user.
            chain.login(req, resp, userid, password, portalLoginContext, subject, realm);

            // Choose the landing page. The redirect stored in the context is
            // executed after the filter chain has been processed.
            if ("paul".equals(userid)) {
                portalLoginContext.setRedirectURL("/wps/myportal/pageA");
            } else {
                portalLoginContext.setRedirectURL("/wps/myportal/pageB");
            }
        }

        @Override
        public void destroy() {
            // Nothing to clean up.
        }

        @Override
        public void init(SecurityFilterConfig arg0) throws SecurityFilterInitException {
            // No configuration needed for this filter.
        }
    }
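Why the filter above calls chain.login before it sets the redirect, shown as an added stand-alone example that is not part of the original post and does not use the portal JARs. The types Context, Chain and Filter, the class name and the "pw-" password rule are hypothetical stand-ins for FilterChainContext, the filter chain and the portal's own login.

```java
import java.util.Arrays;

// Stand-alone model of the explicit login chain. Every type here is a simplified
// stand-in written for this example; none of it is the com.ibm.portal.auth API.
public class LoginChainModel {
    static class Context { String redirectURL; }   // plays the role of FilterChainContext
    interface Chain { void login(String user, char[] pw, Context ctx) throws Exception; }
    interface Filter { void login(String user, char[] pw, Context ctx, Chain next) throws Exception; }

    // End of the chain: stands in for the portal's own login and throws on bad
    // credentials. Constructed rule: the password of user X is "pw-X".
    static final Chain DEFAULT_LOGIN = (user, pw, ctx) -> {
        if (!Arrays.equals(("pw-" + user).toCharArray(), pw))
            throw new Exception("authentication failed");
    };
    // Same order as the filter above: authenticate first, then pick the landing page.
    static final Filter REDIRECT_AFTER_LOGIN = (user, pw, ctx, next) -> {
        next.login(user, pw, ctx);
        ctx.redirectURL = "paul".equals(user) ? "/wps/myportal/pageA" : "/wps/myportal/pageB";
    };
    // Mis-ordered variant: picks the landing page before anyone has been authenticated.
    static final Filter REDIRECT_BEFORE_LOGIN = (user, pw, ctx, next) -> {
        ctx.redirectURL = "paul".equals(user) ? "/wps/myportal/pageA" : "/wps/myportal/pageB";
        next.login(user, pw, ctx);
    };

    // Wraps the filters around the default login; the first filter is the outermost.
    static Chain build(Filter... filters) {
        Chain chain = DEFAULT_LOGIN;
        for (int i = filters.length - 1; i >= 0; i--) {
            Filter f = filters[i];
            Chain next = chain;
            chain = (user, pw, ctx) -> f.login(user, pw, ctx, next);
        }
        return chain;
    }
    // Runs one login attempt and reports the outcome plus the redirect left in the context.
    static String attempt(Filter filter, String user, String pw) {
        Context ctx = new Context();
        try { build(filter).login(user, pw.toCharArray(), ctx); }
        catch (Exception e) { return "rejected, redirect=" + ctx.redirectURL; }
        return "accepted, redirect=" + ctx.redirectURL;
    }

    public static void main(String[] args) {
        System.out.println(attempt(REDIRECT_AFTER_LOGIN, "anna", "pw-anna"));
        System.out.println(attempt(REDIRECT_AFTER_LOGIN, "paul", "wrong"));
        System.out.println(attempt(REDIRECT_BEFORE_LOGIN, "paul", "wrong"));
    }
}
```

In this model, a rejected login leaves no redirect in the context when the filter authenticates first, while the mis-ordered filter has already stored a landing page for a user who never authenticated.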
Registering the authentication filters
Log in to the WAS Integrated Solutions Console.
Go to Resources -> Resource Environment -> Resource Environment Providers, click WP_AuthenticationService, then Custom properties.
Select New and enter the values below:
Name: login.explicit.filterchain
Value: com.test.authfilters.TestExplicitLoginFilter
Click Apply and save the changes.
Now export your project as a JAR and copy it to the portalServer_root/shared/app folder.
Restart the portal server for these changes to take effect.