Web UI framework security - implementing authentication

When you implement authentication, you must first decide if you want to customize or use the default implementation of authentication provided by the application.

You have the following options:
  • The default implementation.

    To use this implementation, just install the application.

  • A customized implementation where you plug in your own authentication implementation and do not use the default implementation.
  • A customized implementation where you customize the default implementation.

Customizing authentication

The custom authentication mechanism for the application consists of the AuthenticationProvider class that implements the ISCUIAuthenticationProvider interface. AuthenticationProvider is plugged in using the context parameter in web.xml as shown in the following example:


The following shows an example of a custom AuthenticationProvider that uses the provider specified in the web.xml example:

public class MyAppAuthenticationProvider 
implements ISCUIAuthenticationProvider  
 	public SCUISecurityResponse authenticate(SCUIContext uiContext)  
   	//authenticate the user 
   	//set the SCUISecurityContext in uiContext 
   	//set the SCUIUserPreferences in uiContext 
 	public void init()  
 	  //initialize the authentication mechanism. 
 	public void sessionDestroyed(HttpSessionEvent sessionEvent)  
 	  //close the connection and release it back into the pool