Configure Login / Logout / Session Filter

In Portal 6.1, you can customize the behavior of the Portal in specific authentication situations, through the Authentication Filters. The Authentication Filters use the same pattern as defined by the J2EE servlet filter facility, and make use of filter chains

The following authentication filter chains are available for the developer:

  • Explicit login: This is a login by user name and password as represented by the interfacecom.ibm.portal.auth.ExplicitLoginFilter. For example, this can be a login by using the login portlet or the login URL.
  • Implicit login: For example, this can be when a user is already authenticated by WAS, but not yet to Portal. This is represented by the interface com.ibm.portal.auth.ImplicitLoginFilter.
  • Explicit logout: This means that the user triggers a logout action directly, for example by clicking the Logout button in the user interface, interface com.ibm.portal.auth.ExplicitLogoutFilter.
  • Implicit logout: For example, this can be after a session timeout, or if an authenticated user accesses a public page, or if the user navigates to a virtual portal without being member of the associated user realm. This is represented by the interface com.ibm.portal.auth.ImplicitLogoutFilter.
  • Session Timeout: This is called immediately after an idle timeout of the user session occurred. This is represented by the interface com.ibm.portal.auth.SessionTimeoutFilter.
  • Session Validation: This is called for every request before actions are triggered and the page is rendered. This is represented by the interface com.ibm.portal.auth.SessionValidationFilter.

  • You can configure them through the Portal configuration services. You can no longer set these properties by simply changing the property value in the properties file and restarting the portal. The configuration for each service is stored in and accessible through the IBM WebSphere Application Server administrative console.

    Use the following properties to define the custom filters in the various authentication filter chains in the portal. Each of these properties takes a comma-separated list of the fully qualified class names of the custom filter implementations.
    login.explicit.filterchain =
    Use this property to specify the custom filters for the filter chain that is triggered for an explicit login by user name and password. The classes listed in this property must implement the interface com.ibm.portal.auth.ExplicitLoginFilter.
    login.implicit.filterchain =
    Use this property to specify the custom filters for the filter chain that is triggered for an implicit login, that is if the user is already authenticated to WebSphere Application Server but has no portal session yet. The classes listed in this property must implement the interface com.ibm.portal.auth.ImplicitLoginFilter.
    logout.explicit.filterchain =
    Use this property to specify the custom filters for the filter chain that is triggered for an explicit logout. The classes listed in this property must implement the interface com.ibm.portal.auth.ExplicitLogoutFilter.
    logout.implicit.filterchain =
    Use this property to specify the custom filters for the filter chain that is triggered for an implicit logout, that is if the user got a session timeout. The classes listed in this property must implement the interface com.ibm.portal.auth.ImplicitLogoutFilter.
    sessiontimeout.filterchain =
    Use this property to specify the custom filters for the filter chain that is triggered directly after an idle timeout of the session occurred. The classes listed in this property must implement the interfacecom.ibm.portal.auth.SessionTimeoutFilter.
    sessionvalidation.filterchain =
    Use this property to specify the custom filters for the filter chain that is triggered for every request before the action handling and rendering is processed. The classes listed in this property must implement the interfacecom.ibm.portal.auth.SessionValidationFilter.
    filterchain.properties.. =
    Use an arbitrary set of properties according to the above pattern to specify properties for any of your custom filters. The property value is then available to the specified filter class in the SecurityFilterConfig object passed to its init method.

    6 comments:

    Anonymous said...

    what is the difference between implicit logout and session timeout filter? both seem to be called when user gets a session timeout.

    Simant said...

    Hi Sunil,

    i have a doubt, if i want to set a parameter in Implicit login filter and retrieve it in portal theme.

    How can this be done?, i tried setting the value in the http request, http session. But with no luck.

    Any help would be appreciated.

    Anonymous said...

    Why are you copying an IBM documentation page to your blog?

    Vikas Chaudhary said...

    Battery Mantra is Authorized exide car battery dealer in Noida and Greater Noida. We are providing our service in Indirapuram, Delhi, Ashok Nagar.

    Exide Battery Dealer in Noida
    Battery Dealer in Noida
    Authorized Battery Dealer in Noida
    Car Battery Dealer in Noida
    Car Battery Dealer
    Exide Battery Dealer

    srjwebsolutions said...

    We are leading responsive website designing and development company in Noida.
    We are offering mobile friendly responsive website designing, website development, e-commerce website, seo service and sem services in Noida.

    Responsive Website Designing Company in Noida
    Website Designing Company in Noida
    SEO Services in Noida
    SMO Services in Noida

    EG MEDI said...

    Egmedi.com is online medical store pharmacy in laxmi nagar Delhi. You can Order prescription/OTC medicines online.
    Cash on Delivery available. Free Home Delivery


    Online Pharmacy in Delhi
    Buy Online medicine in Delhi
    Online Pharmacy in laxmi nagar
    Buy Online medicine in laxmi nagar
    Onine Medical Store in Delhi
    Online Medical store in laxmi nagar
    Online medicine store in delhi
    online medicine store in laxmi nagar
    Purchase Medicine Online
    Online Pharmacy India
    Online Medical Store