In form-based authentication, the HTML code of a login form is returned in the server response when the application tries to access a protected resource.
Although form-based authentication is best suited for desktop and web environments, where you actually display and use the returned login form, you can also use this authentication mode in mobile applications.
To use form-based authentication, you must use a login module to validate the received credentials.
In this tutorial, you implement a simple form-based authentication mechanism that is based on a user name and a password.
This tutorial covers the following topics:
- Configuring the authenticationConfig.xml file
- Protecting a Java adapter
- Creating client-side authentication components
The following diagram illustrates the form-based authentication process.
Configuring the authenticationConfig.xml file
authenticationConfig.xml file already contains a sample realm that is configured to use a form-based authenticator.
StrongDummy login module that is used for this realm.
NonValidatingLoginModule parameter means that the user credentials are not validated. In other words: any combination of user name and password is valid.
Define a security test that uses the
SampleAppRealm. Remember the security test name, to use it in the subsequent steps.
- Create an adapter and name it
- Add a
getSecretDataprocedure and protect it with the security test that you created previously.
In this module, the
getSecretData procedure returns some hardcoded value:
Protecting a Java adapter
- Create a Java adapter.
- Add a
getSecretDatamethod and protect it with the realm that you created previously. In this module, the
getSecretDataprocedure returns some hardcoded value:
- To set your new realm as the default user identity for the application, add this option to the application descriptor:
To learn more about application descriptor properties, see the user documentation.
Known limitation: If you use Java adapters, the client-side
logoutfeature is not currently supported and may lead to unexpected behavior.
Creating client-side authentication components▲
- Form-based authentication in hybrid applications
- Form-based authentication in native Windows 8 applications
- Form-based authentication in native Android applications
- Form-based authentication in native iOS applications
- Form-based authentication in native Windows Phone 8 applications