Application Platform 10.3 | Application Platform API | Adding Single Sign-On Authentication to Application Platform Projects | Web Application Layer Security | Filter-Based Security
 
Filter-Based Security
 
Session Concurrency Filter
Application Platform provides a security filter that you can add in the web.xml file.
The following table describes the security filter that you can add in the web.xml file.
Filter and Description
com.softwareag.applatform.security.filter.AppPlatformSecurityFilter
A servlet filter that is added to the web.xml file of the required Application Platform web project. Supports SSO functionality for web applications.
The following table describes the properties of AppPlatformSecurityFilter and specifies the default value for each property.
Property
Value
Description
realm
AppPlatformRealm
This is the only valid value.
String Required. The Application Platform realm.
nextauthMethod
Valid values:
*BASIC
Basic authentication.
*CLIENT_CERT
Authentication with client certificate.
*FORM
Form authentication. Requires attributes for user name and the password, as follows:
j_username
j_password
String Required. The next authentication method to try if the current authentication request fails. For detailed information about the possible values, see the Java EE documentation, provided by Oracle.
roleNamesAllowed
Depends on the runtime server, as follows:
*For Integration Server the roles must be equivalent to the roles in the Integration Server access control list (ACL). For information about the ACL, see webMethods Integration Server Administrator’s Guide.
*For My webMethods Server the roles must be equivalent to the applicable Security Realm container. For information about Security Realm containers, see Administering My webMethods Server.
String List Optional. A comma-separated list of allowed user roles. Users are authenticated when they have one of the listed roles.
formLoginPage
String Optional. The address of the login page when using the form authentication type.
formErrorPage
String Optional. The address of the error page that displays when the form authentication fails.