Configuring servlet filters for form login processing

IBM® Rational® Application Developer or an assembly tool can configure the servlet filters. Two steps are involved in configuring a servlet filter.

1. Name the servlet filter and assign the corresponding implementation class to the servlet filter.

   Optionally, assign initialization parameters that get passed to the init method of the servlet filter.

   After configuring the servlet filter, the web.xml application deployment descriptor contains a servlet filter configuration similar to the following example:

   <filter id="Filter_1">
   			<filter-name>LoginFilter</filter-name>
   			<filter-class>LoginFilter</filter-class>
   			<description>Performs pre-login and post-login 
           operation</description>
   			<init-param>// optional
   					<param-name>ParameterName</param-name>
   					<param-value>ParameterName</param-value>
   			</init-param>
   </filter>
   

2. Map the servlet filter to a URL or a servlet.

   After mapping the servlet filter to a URL or a servlet, the web.xml application deployment descriptor contains servlet mapping similar to the following example:

   <filter-mapping>
   			<filter-name>LoginFilter</filter-name>
   			<url-pattern>/j_security_check</url-pattern> 
                  // can be servlet <servlet>servletName</servlet>
   </filter-mapping>
   

Example

You can use servlet filters to replace the CustomLoginServlet servlet, and to perform additional authentication, auditing, and logging.

The WebSphere® Application Server Samples provide a form login sample that demonstrates how to use the WebSphere Application Server login facilities to implement and configure form login procedures. The sample integrates the following technologies to demonstrate the WebSphere Application Server and Java™ Platform, Enterprise Edition (Java EE) login functionality:

• Java EE form-based login
• Java EE servlet filter with login
• IBM extension: form-based login

The form login sample is part of the Technology Samples package.

Note: If you install the application server on a z/OS system in which program control is enabled, when you log into a form-based web application you might receive the following error message in the system log file:

ICH420I PROGRAM BBORSMCT FROM LIBRARY WAS.SBBOLD2 CAUSED THE ENVIRONMENT TO BECOME UNCONTROLLED.
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON)
PROCESSING.

Although program control is enabled on the z/OS system, the program control extended control bits for the application server's native modules will not be enabled. To prevent or resolve this problem enable the program control bits for all of the native load modules in the SMP/E HTTP Server file system (HFS).

1. Add the necessary attributes to the modules:

   cd SMPE_ROOT/usr/lpp/install_root/V7R0/lib/modules
   extattr +p *
   

2. Add the attributes to the *.so files and bbo* files in the lib directory:

   cd SMPE_ROOT/usr/lpp/install_root/V7R0/lib
   extattr +p *.so
   extattr +p bbo*