Web UI framework security - authentication

Authentication identifies the users who have access to the application. It is the first step in the login process and occurs before a user is authorized for resources in the application. Use the Applications Manager to specify user IDs and passwords.

All requests are authenticated unless the URI (Uniform Resource Identifier) is in the bypass list. Bypassing is typically used for graphic files, cascading style sheets (CSS), and similar supporting items whose content is already protected by authentication.

With the Web UI Framework, you have the following options for implementing authentication:
  • The default implementation, which includes support for single sign on (SSO).

    If you are currently using the default implementation of authentication, and want to continue using that implementation, you must use this option. The default implementation supports all existing authentication features.

  • A custom implementation where you plug in your own authentication implementation and do not use the default implementation. A customized implementation can have additional authentication processes, such as single sign on (SSO). You can also customize the post authentication mechanism.

    You must use either the default authentication implementation or a customized authentication implementation. Post authentication is optional: if you do not use the default post authentication implementation, you are not required to provide a customized post authentication implementation.

  • A custom implementation where you customize the default implementation.

Note: If the application is going to be installed in a multi-WAR environment, do not reference UI framework classes such as “SCUIContextHelp.class” in the single sign on implementation class.

With all options, the implementation is plugged into interface contracts, which define the behavior expected of any authentication mechanism that plugs in to them. This ensures a consistent mechanism for authentication no matter how you implement it (custom or default). The interface contracts also define the behavior expected of any post-authentication mechanism, which is called if the authentication mechanism succeeds.

Authentication can be performed against different sources:
  • LDAP
  • Database table
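As an added illustration (not code from the Web UI Framework), the following Java 16+ sketch shows the shape of the contracts described above: an authentication interface that any mechanism (default, SSO, LDAP, or a database table) plugs into, a post-authentication interface that runs only on success, and a gate that applies the bypass list before calling either. The names Authenticator, PostAuthenticator, TableAuthenticator and AuthenticationGate, the prefix-based bypass list and the constructed sample user table are all assumptions made for this example.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Map;
import java.util.Optional;
// Contract that any authentication mechanism (default, SSO, LDAP, database table) plugs into.
interface Authenticator { Optional<String> authenticate(String userId, String password); }
// Contract for the post-authentication step; the gate calls it only when authentication succeeds.
interface PostAuthenticator { void onAuthenticated(String userId); }
// Hypothetical "database table" mechanism: user id -> SHA-256 of the password, compared in
// constant time. A production table would hold salted, slow password hashes instead.
record TableAuthenticator(Map<String, byte[]> table) implements Authenticator {
    static byte[] sha256(String s) {
        try { return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8)); }
        catch (java.security.NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
    public Optional<String> authenticate(String userId, String password) {
        if (userId == null || password == null) return Optional.empty();
        byte[] stored = table.get(userId);
        boolean ok = stored != null && MessageDigest.isEqual(stored, sha256(password));
        return ok ? Optional.of(userId) : Optional.empty();
    }
}
// bypassPrefixes lists content (css, images) that is harmless without authentication.
record AuthenticationGate(List<String> bypassPrefixes, Authenticator auth, PostAuthenticator postAuth) {
    // Match on the normalized path only: "/images/../admin" must not match "/images/",
    // and the query string ("/admin?x=.css") never takes part in the decision.
    boolean isBypassed(String requestUri) {
        String path = URI.create(requestUri).normalize().getPath();
        return bypassPrefixes.stream().anyMatch(path::startsWith);
    }
    boolean admit(String requestUri, String userId, String password) {
        if (isBypassed(requestUri)) return true;
        Optional<String> user = auth.authenticate(userId, password);
        user.ifPresent(postAuth::onAuthenticated); // post-authentication runs only on success
        return user.isPresent();
    }
}
public class AuthGateDemo {
    public static void main(String[] args) {
        AuthenticationGate gate = new AuthenticationGate(List.of("/css/", "/images/"),
            new TableAuthenticator(Map.of("alice", TableAuthenticator.sha256("s3cret"))),
            id -> System.out.println("post-authentication ran for " + id));
        for (String uri : List.of("/css/site.css", "/images/../admin", "/admin?x=.css"))
            System.out.println(uri + " without credentials -> " + gate.admit(uri, null, null));
        System.out.println("/admin with credentials -> " + gate.admit("/admin", "alice", "s3cret"));
    }
}
```

Compile with `javac AuthGateDemo.java` and run with `java AuthGateDemo`; only the stylesheet request is admitted without credentials, and the post-authentication hook runs solely for the successful login.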

The following graphic illustrates the flow of authentication:

[Graphic: flow of authentication]