Show TOC Start of Content Area

Process documentation Overview of the Login Process in JAAS  Locate the document in its SAP Library structure

Purpose

The login process is initiated by the Web Container (when the user is prompted to log in upon first request to a protected resource of the application). A new instance of the LoginContext class is created for this purpose that uses the configuration information provided by the Web application, and initializes the appropriate login modules. The application user must authenticate the appropriate login modules from the stack (depending on their attributes) so that the login to the application is successful.

Process Flow

The login process consists of the following phases:

...

       1.      The application calls the login()method of the LoginContext class.

       2.      The LoginContext calls the login() method of each of the login modules in the stack in the order they are configured.

Each login module completes the user authentication in two phases:

                            a.      First, when its login() method is called, it uses a CallbackHandler class to negotiate the required authentication information with the user.

                            b.      The second phase refers to calling the commit() method of the login module if the user has successfully authenticated, or the abort() method, if the authentication fails.

The login process is successful if the user is authenticated by all the required login modules in the stack (that is, the commit() method of all login modules that successfully authenticated the user returns).

 

Login Process Flow

This graphic is explained in the accompanying text

 

End of Content Area