views:

182

answers:

1

I'm developing a standalone custom registry, custom login portlet, and custom profile portlet for Websphere Portal 6.1. Some existing users have not completed one or more required fields in their profiles.

The next time these users log in successfully, how can I get the portal to redirect them to the custom profile portlet before giving them access to the rest of the site?

A: 

It looks like Websphere Portal 6.1 comes with an API for sending authentication requests through a chain of filters. I found an article describing the API on developer works ('New security APIs in Websphere Portal').

In particular, the com.ibm.portal.auth.ExplicitLoginFilter interface lets you plug in during the authentication sequence and dynamically change where the system redirects after the user's credentials are validated. Here is a stubbed example:

public class CustomLoginFilter implements ExplicitLoginFilter {
    public void login(HttpServletRequest req, HttpServletResponse resp, 
        String userId, char[] password, 
        FilterChainContext portalLoginContext, Subject subject, 
        String realm, ExplicitLoginFilterChain chain) 
        throws LoginException, WSSecurityException, 
        com.ibm.portal.auth.exceptions.LoginException {  

        //Validate the user's credentials.
        chain.login(req, resp, userId, password, portalLoginContext, subject, realm);  

        //Redirect to profile portlet if required profile fields are incomplete.
        if(incompleteProfile(userId)) {
            portalLoginContext.setRedirectURL(getURLForProfilePortlet());
        }
    }

    //Other methods...
}

The ExplicitLoginFilter and its dependencies are located in the following jar files, which you must add to your classpath when compiling your code:

Starting from your Websphere Portal root directory...
/base/wp.auth.base/shared/app/wp.auth.base.jar
/base/wp.base/shared/app/wp.base.jar

cc1001
FYI...The code sample successfully redirects to the profile page, but the user is still logged out. Work in progress...
cc1001
The user was still logged out after the redirect because my method getURLForProfilePortlet() was returning a URL starting with the public portal URI (i.e. /wps/portal) instead of the protected URI (i.e. /wps/myportal).
cc1001