Skip to Content
author's profile photo Former Member
Former Member

custom logon component

Hi

Our users are available and maintained in the CUA, and teh security policy comes from the CUA too.

I have created a custom logon abstract portal component, and i have created a jsp with fields for j_user and j_password. in the form action, i call my component "/irj/servlet/prt/portal/prtroot/com.sap.portal.mycustomlogon.Logon"

in the do content of this component, i redirect to the jsp if it is being accessed for the first time.

i have created an iview out of this component and have put it in my anonymous role in the portal.

when i try to login with a valid user and a WRONG password, the 'number of failed attempts' value in CUA increments by 1 even before I try to login the user with this piece of code:

UMFactory.getLogonAuthenticator().logon(req,res,"default");	

I am sure about this because i commented out everything in my code and tested it. As soon as the jsp calls my component, the failedLogonAttempts counter is incremented by 1 in CUA.

Anyone knows why this happens? As soon as I click on submit button in my jsp, it seems to be authenticating the username and password with some default component before going into my custom logon component. I dont understand this.

Please help. i am stuck with this problem for quite sometime.

Thanks

oj

Edited by: OJ on Jul 23, 2008 12:18 PM

Forgot to mention that my custom logon component has authscheme property set to anonymous:

<property name="AuthScheme" value="anonymous"/>

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Jul 24, 2008 at 03:45 AM

    Hi All

    The way authentication works is described in the following document:

    Integrating Security Functions

    An excerpt from it which helped me solve it:

    Applications running on J2EE Engine have two options for authenticating users:
    
    · Container-based authentication: The container (in this case, SAP J2EE Engine)
    handles authentication. Applications running on the SAP J2EE Engine run in
    anonymous mode and assume that the container takes care of authentication.
    
    · UME-based authentication: Applications running on J2EE Engine authenticate directly
    against SAP User Management Engine (UME) using the UME API.
    
    We support an integration of these two types of authentication, so that, if an application uses
    UME-based authentication to authenticate its users, the container (J2EE Engine) is also
    aware that the users are authenticated. Inversely, if an application uses container-based
    authentication to authenticate its users, UME is also aware that the users are authenticated.
    Calls to the APIs of both the container and UME return the authenticated user.
    

    hope this helps anyone who has a similar problem.

    Thanks

    OJ

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.