| Author |
Message
|
| ALococo |
 Posted: Mon Sep 20, 2004 11:55 am Post subject: Forms based authentication using the WebClient |
 |
|
Newbie
Joined: 08 Sep 2003
Posts: 6
|
| Has anyone used J2EE forms-based authentication using Workflow's WebClient? If so, how do you set this up? I know the logon page for the J2EE forms-based authentication needs to have a username input field called "j_username" and a password input field called "j_password" inside a form with an action of "j_security_check". The WebClient needs these fields to be called something entirely different. Am I thinking about this correctly? Should I not be trying to use forms-based authentication in the WebClient? If not, how can I protect my custom jsps or popups? |
|
| Back to top |
|
 |
| texan |
| Posted: Mon Sep 20, 2004 8:14 pm Post subject: |
|
|
Acolyte
Joined: 25 Feb 2004
Posts: 74
|
| What exactly are you requirements? Do you want to validate user id & password against workflow database or you want to use some kind of LDAP? If your planning to do later, then you have to enable authentication exit on workflow server. |
|
| Back to top |
|
|
| ALococo |
| Posted: Tue Sep 21, 2004 5:03 am Post subject: |
|
|
Newbie
Joined: 08 Sep 2003
Posts: 6
|
| Thanks for your response, but you're addressing a different issue. I just need to know if forms based authentication is possible using the WebClient and if so, how do you set it up. |
|
| Back to top |
|
|
| vennela |
| Posted: Tue Sep 21, 2004 6:00 am Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
Alocco:
Forgive my ignorance here but what is forms based authentication. I am not a J2EE guy so educate us on what it is and we can tell you whether that is possible or not.
BUT from the first impression of what you have described, I think the answer is NO |
|
| Back to top |
|
|
| CHF |
| Posted: Tue Sep 21, 2004 7:09 am Post subject: |
|
|
Master
Joined: 16 Dec 2003
Posts: 297
|
Alocco:
My explanation here is not related to forms based authentication. I had like to share how we dealt with WebClient authentication. (you probably already aware of this). I am not a J2EE guy too 
1) Install and configure SiteMinder (you could use a different authentication service) on the web server that hosts WebClient application.
2) Configure SiteMinder's Policy Server to protect this WebClient application.
After you setup SiteMinder, when an user tries to login to WebClient, SiteMinder begins the authentication process. A pop up window is displayed and user enters in extra info required for authentication. And then SiteMinder determines whether this user has access to this WebClient application. If the authorization is successful, then the user will be granted access to the application.
Once the user gets a session with Workflow, I beleive its a trusted environment 
_________________
CHF |
|
| Back to top |
|
|
| Ratan |
| Posted: Tue Sep 21, 2004 9:10 am Post subject: |
|
|
Grand Master
Joined: 18 Jul 2002
Posts: 1245
|
I think you can used form based authentication, for controlling acces to your web resources. I am not an expert here but think it can be done. The minimum you have to do is write your own command Handler for Logon. Go through the Webclient customization chapter in WF Programming Guide.
_________________
-Ratan |
|
| Back to top |
|
|
| ALococo |
| Posted: Tue Sep 21, 2004 9:21 am Post subject: |
|
|
Newbie
Joined: 08 Sep 2003
Posts: 6
|
| Instead of explaining form-based authentication, let me explain what I'm trying to do. Basically, I want to protect all of my pages for this web application. So, if I have a popup window that has no workflow references on it, I do not want to allow a user to type in the URL for this popup/JSP and be able to view it. |
|
| Back to top |
|
|
| texan |
| Posted: Tue Sep 21, 2004 1:00 pm Post subject: |
|
|
Acolyte
Joined: 25 Feb 2004
Posts: 74
|
If you want to protect your resources in Websphere, you have to enable security in WAS admin console. If you enable security then, you have to sepecify the user base location (either local OS or LDAP or custom registry). It is my understanding that: if you do n't enable security, then you cannot protect resources.
In your case, what I would suggest is: check the session in every jsp and if do n't exist forward the request to login page. You can put this in some common JSP and include it in all JSPS. |
|
| Back to top |
|
|
|
|
