How to create a custom login portlet that also saves the user id and password to the Credential Vault

Technote (FAQ)


Question

How do you create a custom login portlet that also saves the user id and password to the Credential Vault?

Answer

In WebSphere® Portal 6.0.1 and later versions, there is a new portlet service that allows you to log in to portal. This service still takes advantage of the LoginUserAuth in the login process. But this new service allows you to write your own LoginPortlet and handle any validation or processing before or after the login process.

In the example in this document, we have created a Login Portlet that, after a successful login, adds or saves the login credentials to the Credential Vault. This behavior can be very helpful if, later in the portal experience, you have several systems that do not support LTPA SSO, but you would like to automate the experience of logging in.

The first portlet service we have to take advantage of is the following:

    com.ibm.portal.portlet.service.login.LoginService

To access this service, use code such as the following (this is best done in the init method of the portlet):

    // loginHome is an instance field of the portlet
    PortletServiceHome psh;
    javax.naming.Context ctx = new javax.naming.InitialContext();
    psh = (PortletServiceHome) ctx.lookup(LoginHome.JNDI_NAME);
    loginHome = (LoginHome) psh.getPortletService(LoginHome.class);

Then in your processAction you can log the user in using code like this:

    LoginService loginService = (LoginService) loginHome.getLoginService(request, response);
    String userId = request.getParameter(FORM_ID);
    String password = request.getParameter(FORM_PASSWORD);
    Map contextMap = new HashMap();
    contextMap.put(LoginService.DO_RESUME_SESSION_KEY, Boolean.FALSE);
    try {
        loginService.login(userId, password.toCharArray(), contextMap, null);
    } catch (Exception ex) {
        System.out.println("this login failed with = " + ex.getMessage());
        ex.printStackTrace();
    }

At this point, you are either logged in or not, depending on the response from the login service. Remember that once you call the login service method, control does not return to your portlet code if the user is logged in, because Portal redirects to the proper portal page. Control returns only if there is an authentication error or a finally block.

Next, we want to add the credential vault handling. Therefore, in the init method we use this code:

    // vaultService is an instance field of the portlet
    javax.naming.Context ctx = new javax.naming.InitialContext();
    PortletServiceHome cvsHome = (PortletServiceHome) ctx.lookup("portletservice/com.ibm.portal.portlet.service.credentialvault.CredentialVaultService");
    vaultService = (CredentialVaultService) cvsHome.getPortletService(CredentialVaultService.class);

Then you need to add a finally block, because a user cannot access the credential vault before authentication. Once you call the login service, it only returns to the portlet code if a failure condition occurs or if you have a finally block. Otherwise, the code does a redirect and sends you to the correct portal page.

Now the processAction method looks like this:

    LoginService loginService = (LoginService) loginHome.getLoginService(request, response);
    String userId = request.getParameter(FORM_ID);
    String password = request.getParameter(FORM_PASSWORD);
    Map contextMap = new HashMap();
    contextMap.put(LoginService.DO_RESUME_SESSION_KEY, Boolean.FALSE);
    boolean loginFailed = false;
    try {
        loginService.login(userId, password.toCharArray(), contextMap, null);
    } catch (Exception ex) {
        // Authentication error: remember it so the rejected password is not stored
        loginFailed = true;
        System.out.println("this login failed with = " + ex.getMessage());
        ex.printStackTrace();
    } finally {
        // Runs even when Portal redirects after a successful login
        if (!loginFailed) {
            setCredential(request, userId, password);
        }
    }

The setCredential method takes care of actually accessing the credential vault and setting this value. In this example, we are using a Shared User slot, so that this slot is shared across all portlets this user has access to, and there is one secret per user. The full code for this is in the included sample attached below.
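One way a setCredential method for a Shared User slot could be written, as an added example that is not the code from IBM's attached sample. The class name VaultCredentialWriter and the slot name are hypothetical, and the CredentialVaultService method signatures used here are assumptions to check against the Javadoc of your Portal release.

```java
import java.util.HashMap;
import java.util.Iterator;
import javax.portlet.PortletRequest;
import com.ibm.portal.ObjectID;
import com.ibm.portal.portlet.service.credentialvault.CredentialSlotConfig;
import com.ibm.portal.portlet.service.credentialvault.CredentialVaultService;
/** Hypothetical helper: class name and SLOT_NAME are assumptions, not IBM's sample. */
public class VaultCredentialWriter {
    private static final String SLOT_NAME = "LoginPortlet.SharedUserSlot";
    private final CredentialVaultService vaultService; // looked up in init()
    public VaultCredentialWriter(CredentialVaultService vaultService) {
        this.vaultService = vaultService;
    }
    /** Stores the pair in the user's shared slot, creating the slot on first use. */
    public void setCredential(PortletRequest request, String userId, String password) {
        if (userId == null || password == null) {
            return; // nothing was submitted, so nothing to store
        }
        try {
            String slotId = findSlotId(request);
            if (slotId == null) {
                ObjectID segment = vaultService.getDefaultUserVaultSegmentId();
                CredentialSlotConfig slot = vaultService.createCredentialSlot(
                        SLOT_NAME, segment, new HashMap(), new HashMap(),
                        CredentialVaultService.SECRET_TYPE_USERID_STRING_PASSWORD_STRING,
                        false,   // active: false, a passive credential
                        false,   // portletPrivate: false, shared by the user's portlets
                        request);
                slotId = slot.getSlotId();
            }
            vaultService.setCredentialSecretUserPassword(
                    slotId, userId, password.toCharArray(), request);
        } catch (Exception ex) {
            // Report the failure only; never write the user ID or password to a log.
            System.out.println("credential vault update failed: " + ex.getMessage());
        }
    }
    /** Returns the ID of the existing slot named SLOT_NAME, or null if there is none. */
    private String findSlotId(PortletRequest request) throws Exception {
        Iterator slots = vaultService.getAccessibleSlots(request);
        while (slots.hasNext()) {
            CredentialSlotConfig slot = (CredentialSlotConfig) slots.next();
            if (SLOT_NAME.equals(slot.getResourceName())) {
                return slot.getSlotId();
            }
        }
        return null;
    }
}
```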

To use this service with Rational Application Developer (RAD), you need to make sure to update the following JAR files:
  • wp.base.jar
  • wp.auth.cmd.jar
  • wp.auth.base.jar
to the following location on your RAD install:
    radinstallroot\runtimes\portal_v60_stub\shared\app

These files need to come from your 6.0.1 Portal server; otherwise, the portlets will not compile in portal.

Sample login portlet
LoginPortlet.war


Document information


More support for:

WebSphere Portal End of Support Products
WebSphere Portal

Software version:

6.0.1, 6.0.1.0, 6.0.1.1, 6.0.1.3

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows, i5/OS, z/OS

Software edition:

Enable, Express, Extend, Server

Reference #:

1293879

Modified date:

2013-08-04
