Getting Started with WebSphere Application Server
Chapter 8 – Security 153
In the above example, the realm helloRealm is used. Ensure you add the following line to the
deployment plan (geronimo-web.xml), so that the container knows which security realm authenticates
users of this web application:
    <security-realm-name>helloRealm</security-realm-name>
The BASIC authentication mechanism is the default option for requesting authentication information from
a browser-based client. When a user tries to access the protected pages from a browser, the browser
pops up a dialog box asking for the user id and password. The authentication information is
encrypted using base64 encoding.
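To make the previous point concrete, here is an added example (not code from the book) that builds the Authorization header a browser sends for BASIC authentication and then recovers the user id and password from it again. Base64 is an encoding, not encryption: no key is involved, so anyone able to read the HTTP request can read the credentials, which is why BASIC should only be used over an SSL connection (in web.xml, a security-constraint with transport-guarantee CONFIDENTIAL). The user name and password below are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/**
 * Added example, not part of the book: what a BASIC "Authorization" header
 * contains, and how little it takes to turn it back into a user id and password.
 */
public class BasicAuthHeader {

    /** Builds the header value a browser sends after the BASIC dialog is filled in. */
    public static String encode(String user, String password) {
        // The browser joins id and password with ':' and base64-encodes the result.
        String pair = user + ":" + password;
        byte[] bytes = pair.getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(bytes);
    }

    /**
     * Recovers {user, password} from an Authorization header value.
     * Returns null when the header is absent, is not BASIC, or is malformed.
     */
    public static String[] decode(String headerValue) {
        if (headerValue == null || !headerValue.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(headerValue.substring(6).trim());
        } catch (IllegalArgumentException badBase64) {
            return null;                       // not valid base64: reject, do not guess
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');         // split on the FIRST ':' only,
        if (colon < 0) {                       // a password may itself contain ':'
            return null;
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample credentials for a user in helloRealm.
        String header = encode("alice", "s3cret:with:colons");
        System.out.println("Header sent by the browser : " + header);

        String[] creds = decode(header);
        System.out.println("Recovered without any key  : user=" + creds[0]
                + " password=" + creds[1]);

        // Garbage and non-BASIC headers are rejected rather than misread.
        System.out.println("Bearer header decodes to   : " + decode("Bearer abc"));
        System.out.println("Broken base64 decodes to   : " + decode("Basic ****"));
    }
}
```

Running the class prints the encoded header followed by the original user id and password, which is the whole reason the transport, not the encoding, has to provide confidentiality.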
Alternatively, the FORM authentication mechanism, illustrated in Listing 8.14, is also commonly used.
With this mechanism the application developer provides a customized logon page and requests the
authentication information that way. Listing 8.15 shows the contents of such a page, the file
login.jsp.
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/loginerror.jsp</form-error-page>
        </form-login-config>
    </login-config>

Listing 8.14 - “FORM” authentication method
    <form method="POST" action="j_security_check">
        Username: <input type="text" name="j_username">
        Password: <input type="password" name="j_password">
        <input type="submit" value="Login">
    </form>

Listing 8.15 - The login.jsp
There are also CLIENT-CERT and DIGEST methods available: CLIENT-CERT uses digital certificates
passed over an SSL connection, and DIGEST is similar to BASIC, but the password is transmitted using
a custom encryption mechanism.
8.3.3.2 Programmatic security

Using programmatic security in JSPs and servlets is very similar to the EJB programmatic security
described in an earlier section. Listing 8.16 provides an example.
    // getUserPrincipal() returns null if the container has not authenticated the caller
    if (request.getUserPrincipal() != null) {
        System.out.println(request.getUserPrincipal().getName());
    }
    // isUserInRole() checks the role mapping declared for this application
    if (request.isUserInRole("super_user")) {
        // add any logic that is super user specific.
    }

Listing 8.16 - Programmatic access control
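As an added example (not the book's code), the servlet below applies the same two calls as Listing 8.16 inside a complete request handler, and shows the two outcomes the listing leaves implicit: an unauthenticated request gets a 401 instead of a NullPointerException, and an authenticated user outside the super_user role gets a logged 403 instead of silently falling through. The class name and URL mapping are assumptions; the role name super_user comes from the listing and must also be declared as a security-role in web.xml and mapped to a principal in the deployment plan.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example, not from the book. Assumed to be mapped in web.xml to a URL that is
 * also covered by a security-constraint, so the container authenticates first.
 */
public class ReportServlet extends HttpServlet {

    /** Role name from Listing 8.16; must be declared with <security-role> in web.xml. */
    static final String ADMIN_ROLE = "super_user";

    /** Caller's name, or null when the container has not authenticated this request. */
    static String callerName(HttpServletRequest request) {
        Principal p = request.getUserPrincipal();   // null for unauthenticated requests
        return (p == null) ? null : p.getName();
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        String caller = callerName(request);
        if (caller == null) {
            // Declarative security should already have challenged the browser; reaching
            // this point means the URL is not inside a security-constraint.
            log("Unauthenticated access to " + request.getRequestURI());
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // The role decision comes from the deployment plan's mapping, never from the client.
        if (!request.isUserInRole(ADMIN_ROLE)) {
            log("Denied " + caller + " access to " + request.getRequestURI());
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Only a super_user reaches the role-specific logic.
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        out.println("Hello " + caller + ", super user report follows.");
    }
}
```

The audit lines written with log() are what you look for afterwards: a burst of 403s for one principal, or any 401 on a URL you believed was constrained, is the quickest sign that the deployment descriptor and the code disagree.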
8.3.3.3 Testing Web security from a browser