Hitachi

uCosminexus Application Server Security Management Guide


5.10.1 Implementation of the API-based login session

When the integrated user management framework is used to authenticate users, you must implement processing in a servlet or JSP that invokes the login module at the time of login. To use login modules, their settings must be stored in the JAAS configuration file. For details about the settings in the JAAS configuration file, see 14.2.1 jaas.conf (JAAS configuration file).

The following is an example of an API-based login implementation.

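<%@ page import="com.cosminexus.admin.auth.callback.WebPasswordHandler" %>
<%@ page import="javax.security.auth.login.LoginContext" %>
<%@ page import="javax.security.auth.login.LoginException" %>
...
<%
  LoginContext lc = null;
  try {
    // "Portal" names the entry in the JAAS configuration file.
    // The LoginContext constructor can also throw LoginException, so it is created inside the try block.
    lc = new LoginContext("Portal",
        new WebPasswordHandler(request, response, null, "login.html", true));
    lc.login();
  } catch (LoginException e) { ... }
%>
...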

The above example creates an instance of the LoginContext class and specifies, as an argument, that the authentication module defined in the Portal entry of the JAAS configuration file is to be used. If the com.cosminexus.admin.auth.name and com.cosminexus.admin.auth.password parameters are set in request, these parameters are used to authenticate the user. Otherwise, login.html is invoked to obtain the authentication information (user ID and password) from the user.