This blog explains about authenticating user programatically
Scenario : Integrating ADF Application with Oracle Apps (EBS) forms. User logged into Oracle Apps EBS , Providing a link in EBS forms to access to ADF Application. When user clicks on a link , Redirect to ADF application and use EBS Authentication login credentials to programatically authenticate ADF application, So that user will not be prompted for Login page again for ADF application.
- Crate Custom Filter (AuthFilter), Override doFilter() method as shown in below. This method will be invoked every time before screen loaded. We can customize this method not to perform the way how ever we want.
- Configure Above AuthFilter in web.xml as shown below
- Below Jspx (index.jspx) is not secured, By launching this page application will not perform for any login credentials.
- Below Jspx (DashBoard.jspx) is secured, By clicking on 'Go to Secure Page' hyper link on above page, I am programatically populating userName & password to HttpSession object & Authenticating in doFilter() method as shown below, This is going to skip the 'Login Page' and directly goes to secured page.
Scenario : Integrating ADF Application with Oracle Apps (EBS) forms. User logged into Oracle Apps EBS , Providing a link in EBS forms to access to ADF Application. When user clicks on a link , Redirect to ADF application and use EBS Authentication login credentials to programatically authenticate ADF application, So that user will not be prompted for Login page again for ADF application.
- Crate Custom Filter (AuthFilter), Override doFilter() method as shown in below. This method will be invoked every time before screen loaded. We can customize this method not to perform the way how ever we want.
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import weblogic.security.URLCallbackHandler;
import weblogic.security.services.Authentication;
/**
* Override doFilter()
* Retrieve UserID and Password from Session
* Authenticate the user and return credentials using the default realm.
* Sets Current Thread Identity & Session Identity
* @param request
* @param response
* @param chain
* @throws IOException
* @throws ServletException
*/
public void doFilter( ServletRequest request, ServletResponse response, FilterChain
chain )
throws IOException, ServletException
{
if ( request instanceof HttpServletRequest )
{
HttpServletRequest httpRequest = ( HttpServletRequest )request;
HttpSession session = httpRequest.getSession();
//Assume you get userName & Password from HttpSession object.
String username = ( String )session.getAttribute( SESSION_ATTR_USER );
String password = ( String )session.getAttribute( SESSION_ATTR_PASSWORD );
if (username != null && password != null)
{
byte[] pw = password.getBytes();
Subject subject = null;
try
{
// Prepare Security Context
subject = Authentication.login(new URLCallbackHandler(username, pw));
weblogic.servlet.security.ServletAuthentication.runAs(subject, httpRequest);
} catch ( LoginException e )
{
e.printStackTrace();
}
}
}
chain.doFilter( request, response );
}
- Configure Above AuthFilter in web.xml as shown below
- Below Jspx (index.jspx) is not secured, By launching this page application will not perform for any login credentials.
- Below Jspx (DashBoard.jspx) is secured, By clicking on 'Go to Secure Page' hyper link on above page, I am programatically populating userName & password to HttpSession object & Authenticating in doFilter() method as shown below, This is going to skip the 'Login Page' and directly goes to secured page.
Man, you don't imagine how much time i spent in searching for a material like this post. It's amazing and solve the biggest problem that i have in my software project. Can you send me this sample project?
ReplyDeleteHey, Thank you. I will have to see whether I have copy of this sample application or not.
DeleteHey, found your copy of this sample?
DeleteCan you send me the sample application
DeleteCan you please send me the Sample Application. I am facing the same problem bnr.network@gmail.com
DeleteCan you please send me the Sample Application. I am facing the same problem too.
Deletemasoud.vafaei@gmail.com
Hi Can you please send me the sample project at nasiramin43@gmail.com
ReplyDelete