Interface contracts of the web UI framework - post authentication

The interface contract for post authentication defines the behavior expected in any implementation of post authentication in an application.

For more information, refer to the Java™ API documentation in your installation directory (<INSTALL_DIR>/xapidocs/core_javadocs).


Interface Contract Description Methods
ISCUIPostAuthenticationProvider

Defines the behavior expected in any implementation of authentication in an application.

AuthenticationProvider is plugged in to an application using the context parameter in the web.xml file:
  • <param-name>

    scui-post-authentication-provider

  • <param-value>

    com.app.MyAppPostAuthenticationProvider

Multiple PostAuthenticationProviders can be set using the web.xml file. No order is maintained but if one PostAuthentication fails, the request is redirected to the URL in the forwarded page with the error.

Multiple PostAuthenticationProviders are set using the web.xml param-name scui-post-authentication-provider.

  • postAuthenticate

    Takes in the SCUIContext. The expected response (after post authentication) is an SCUISecurityResponse object that encapsulates the return status, the URL of the page, exception, and error message.

  • init

    Handles initialization, like loading the security information or caching it. This method is called once, when PostAuthenticationProvider is first set.

  • sessionDestroyed

    Closes all opened session-specific handles.

    The ISCUIAuthenticationProvider class extends the ISCUISessionAware class, which is a marker class that helps the ISCUIAuthenticationProvider class register itself to the HttpSessionListener implementation class.

    When a session is invalidated or destroyed, the sessionDestroyedmethod is called by the listener to close the handles opened during initialization.