Using application-managed (custom) authentication

If you do not want to use JEE authentication to secure your HTML file, you can incorporate custom security into your Rich UI application. You must still use JEE security to protect the EGL Rich UI Proxy and Web services.

When you use custom security, your Rich UI application must include a user-defined login screen. To hide the password as it is being typed, use the PasswordTextField widget in your Rich UI handler. Your Rich UI application can require authentication to occur either at the beginning of the application or before accessing a restricted area. You can integrate this form of security into the rest of the application.

The first step in defining custom security is to determine which parts of the application should be secured (that is, which parts can be accessed only after logging in with a valid user id and password). Even if you are not using JEE security to protect the HTML file, use JEE security to secure the EGL Rich UI Proxy. This is an important factor to remember when you design your Rich UI application. A design that uses EGL single sign-on will reduce the number of times a user will have to authenticate.

When authenticating with custom security, use SSL to ensure that the user id and password are secure during transmission between the browser and server. For an introduction to SSL, see Overview of SSL.

