Authentication in GateIn Portal is based on JAAS and, by default, is standard J2EE FORM-based authentication. The authentication workflow is not trivial, however, because GateIn Portal supports many different authentication use cases, so that you can adapt the authentication process to your needs.
In GateIn Portal, the following types of authentication are supported:
J2EE FORM-based authentication.
RememberMe authentication (user checks Remember my login checkbox in login form).
SSO servers integration (CAS, JOSSO, OpenSSO). See Single-Sign-On (SSO) for more information.
SPNEGO authentication with Kerberos ticket. See SPNEGO for more information.
SAML2-based authentication. See SAML2 for more information.
Cluster authentication with the load balancer or with the JBoss SSO valve. See Single Sign-On in a Cluster for more information.
The authentication workflow consists of several HTTP requests and redirects with a couple of handshakes in between. Currently, only Servlet 3.0 containers are supported, so authentication is triggered programmatically through the Servlet API.
First, in the $PLATFORM_JBOSS_HOME/gatein/gatein.ear/portal.war/WEB-INF/web.xml file, you will see that authentication can be triggered by accessing the secured URL /dologin:
This means that accessing a URL such as http://localhost:8080/portal/dologin directly triggers J2EE authentication if the user is not logged in. Access to this URL also requires the user to be in the JAAS group users; otherwise he/she can authenticate but will receive an HTTP error such as 403 Forbidden.
In the next part of the file, you can see that authentication is FORM-based and starts with a redirect to the /login URL, which is mapped to LoginServlet.
LoginServlet simply redirects the user to the login page placed in
So if you want to change the look and feel of this login page, you can do it in this JSP file. Alternatively, you can create an extension and override this page through the extension if you do not want to edit it directly. You can also change/override the images or CSS placed in
After the user has submitted the login form, he/she is redirected to the login URL, which looks like http://localhost:8080/portal/login?username=root&password=gtn&initialURI=/portal/classic and is again mapped to LoginServlet. LoginServlet now triggers the WCI login, which delegates to the Servlet API (method HttpServletRequest.login(String username, String password), available in Servlet 3.0). Additionally, it triggers the WCI authentication listeners. The login through the Servlet API delegates to JAAS.
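The following servlet is an added illustration of the flow just described, written against the plain Servlet 3.0 API; it is not GateIn's LoginServlet and does not call WCI. It reuses the parameter names (username, password, initialURI) and the JAAS group users from this page, reads the credentials from a POST body instead of the query string, and the login page path and the servlet name are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical stand-in for LoginServlet: programmatic Servlet 3.0 login backed by JAAS.
@WebServlet("/login")
public class ExampleLoginServlet extends HttpServlet {
    private static final String LOGIN_PAGE = "/login.jsp";   // assumed login form location
    private static final String REQUIRED_ROLE = "users";     // JAAS group named in the page

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        String initialURI = req.getParameter("initialURI");

        if (username == null || password == null) {
            resp.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }
        try {
            // Delegates to the container's security realm, i.e. the JAAS login modules.
            req.login(username, password);
        } catch (ServletException e) {
            // Wrong credentials (or a user already logged in): back to the form, no detail leaked.
            resp.sendRedirect(req.getContextPath() + LOGIN_PAGE + "?error=1");
            return;
        }
        if (!req.isUserInRole(REQUIRED_ROLE)) {
            // Authenticated but not in the "users" group: same outcome as the /dologin constraint.
            req.logout();
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.sendRedirect(safeTarget(req, initialURI));
    }

    // Follow only targets inside this web context so initialURI cannot become an open redirect.
    static String safeTarget(HttpServletRequest req, String initialURI) {
        String ctx = req.getContextPath();
        if (initialURI != null && initialURI.startsWith(ctx + "/") && !initialURI.startsWith("//")) {
            return initialURI;
        }
        return ctx + "/";
    }
}
```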