Building login module

Similar Messages

• Use of portal service in JAAS Login Module

  Is it possible to use an portal service in an JAAS Login Module?
  I've tried to use the IUserMappingService and always run in an Null Pointer Exception.
  All needed Used DC references are set and the build and the deployment of the
  login module is possible without any errors.
  Best regards,
  Thomas

  I've debuged my JAAS login modul.
  The following objects are in accessable over my context object
  {broker=broker, com.sap.portal.pcm.collaborative.ipartstemplates={}, UME=UME, com.sap.workflow.es.portal.IKMCRoomService=com.sap.workflow.es.room.KMCRoomHelper@44c944c9, comp.sap.portal.fpn.marshallersrepository={com.sapportals.portal.workset=com.sap.portal.fpn.marshal.WorksetMarshaller@7cf07cf0, com.sapportals.portal.rolefolder=com.sap.portal.fpn.marshal.RoleFolderMarshaller@489b489b, com.sapportals.portal.operationmodifier=com.sap.portal.unification.semanticlayer.marshalling.OperationModifierMarshaller@1a1b1a1b, com.sapportals.portal.businessobject=com.sap.portal.unification.semanticlayer.marshalling.BusinessObjectMarshaller@1fc71fc7, com.sapportals.portal.layout=com.sap.portal.fpn.marshal.LayoutMarshaller@454f454f, com.sapportals.portal.role=com.sap.portal.fpn.marshal.RoleMarshaller@590e590e, com.sap.portal.obn.semanticlayer.businessobject.BusinessObject=com.sap.portal.unification.semanticlayer.marshalling.BusinessObjectNYMarshaller@68af68af, com.sap.portal.obn.semanticlayer.operation.IOperation=com.sap.portal.unification.semanticlayer.marshalling.OperationNYMarshaller@4f4a4f4a, com.sap.portal.pcm.admin.PlainFolderConverter=com.sap.portal.fpn.marshal.FolderMarshaller@284a284a, com.sapportals.portal.iview=com.sap.portal.fpn.marshal.IViewMarshaller@7ba37ba3, com.sapportals.portal.page=com.sap.portal.fpn.marshal.PageMarshaller@a100a10, com.sapportals.portal.operation=com.sap.portal.unification.semanticlayer.marshalling.OperationMarshaller@ece0ece}, WP=com.sapportals.portal.prt.core.resource.MultiPropertiesResource@3b213b21, ContentCatalog=ContentCatalog, Navigation=Navigation, PCD=PCD, com.sap.portal.obn=com.sap.portal.obn, com.sap.portal.usermanagement.usermanagement=com.sapportals.portal.prt.service.usermanagement.UserManagementService@60cc60cc, ProductionMode=true, AdHocWorkflowConnector=com.sap.workflow.es.portal.WFEWorkitemProvider@30d630d6, com.sap.ip.bi=com.sap.ip.bi, com.sapportals.portal.pcm.registeredServies=com.sapportals.portal.pcm.registeredServies, UniversalWorklistService=com.sap.netweaver.bc.uwl.core.portal.UWLPortalService@57e957e9, com.sap.portal.appintegrator=com.sap.portal.appintegrator, rtmf_messaging=com.sap.ip.collaboration.core.api.rtmf.core.RTMFMessaging@41af41af, com.sap.workflow.es.portal.IKMNotificationService=com.sap.workflow.es.portal.KMNotificationService@1daa1daa, com.sap.portal.pcm.collaborative.pagestemplates={}, runtime=runtime, Authenticator=com.sapportals.portal.prt.service.authenticationservice.AuthenticationService@756f756f, com.sap.workflow.es.portal.IKMAttachmentService=com.sap.workflow.es.portal.KMAttachmentService@9750975, unification=unification}
  The IUserMappingService is missing.  Any ideas?
  Best regards,
  Thomas

• How to call custom Login Module from JSP

  Hi,
  I am stuck with the following issue:
  1) Exactly as presented in help.sap.com (http://help.sap.com/saphelp_nw04/helpdata/en/3f/1be040e136742ae10000000a155106/content.htm) I created custom login module and deployed it as a library on J2EE server. When I configured it to be used for my applications in the Security provider but I am getting "No user name provided" exception everytime when my applications use this custom login module.
  2) I realized that I would need to call my custom module somewhere within my application (simple JSP) using LoginContext class and then use MyLoginContext.login() spec to initiate login process. But I am not able to pass CallbackHandler parameters from JSP application to my custom login module.
  So I have the following questions:
  1. Can I pass parameters using LoginContext and CallbackHandler from JSP to my custom login module (created as exact copy of HELP.SAP.COM example) or this module cannot be used this way.
  2. How to pass CallbackHandler correctly to my custom login module from JSP. When I am trying to use CallbackHandler, I am getting "Abstract Class cannot be called" error.
  I'd appreciate any little help on this matter.
  Thanks and regards,
  Mike

  You have two alternatives to do this:
  You can declare your JSP as a protected resource with the use of the deployment descriptors of the application (web.xml) and add the custom login module in the authentication stack of the application. This way, you will use container-based authentication, i.e. the Web Container will enforce the authentication and it will call the custom login module before it dispatches to the JSP. I recommend you this approach because it requires less coding and it makes the whole thing a matter of configuration. The configuration can be later on enhanced or changed runtime without the need to re-build and re-deploy the application. If you choose this approach you can go to the documentation of the server for help on how to modify the login module stack of the application.
  You can also use programmatic authentication by using JAAS API. To do this you need to create a custom security policy configuration with login module stack containing the custom login module, and then use the standard JAAS mechanism - new LoginContext(<configuration>, <callback-handler>).login(). This approach requires that you write your own callback handler and handle any LoginException.
  Let us know which approach you prefer and whether you have difficulties implementing it!

• Howto put custom JAAS Login Module into NWDI

  Hi there!
  We are currently in migration phase and want to integrate existing codings to NWDI. We mainly had Web Dynpro projects which we figured out how to migrate through discovering  help.sap.com
  Formerly I developed a custom JAAS login module which is productive on our portal systems. Now I would like to integrate it to NWDI. Is this possible in general?
  Best Regards
  Christian

  Can you clarify a bit more what didn't work? What issues do you face?
  Our setup for security.jar (which is not available in one of the base SC's) (for the rest try to use as many base DC's as possible):
  1. Create External Library DC for security.jar
  2. Add security.jar to libraries folder, add to new pp for Compilation
  3. Create J2EE Library DC for loginmodule
  4. Create Java Library DC for loginmodule as Child DC
  5. Define the External Library DC as Used DC of the Java DC, referencing the Compilation pp (Only a Build time dependency, since this will not be deployed, instead you'll reference the registered interface, see below).
  6. Create a public part for Assembly in the Java DC. Add all your loginmodule classes to the pp.
  7. Define the Java DC as Used DC of the J2EE Library DC, referencing the Assembly pp (only Build time dependency). (this packages the loginmodule jar in the J2EE library)
  8. Create a provider.xml in the 'server' folder of the J2EE Library DC
  9. Define references to libraries used by the Child DC and the Child DC's jar:
       <references>
            <reference
                 provider-name="sap.com"
                 strength="weak"
                 type="library">com.sap.security.api.sda</reference>
            <reference
                 provider-name="sap.com"
                 strength="weak"
                 type="interface">security_api</reference>
            <reference
                 provider-name="sap.com"
                 strength="weak"
                 type="library">com.sap.tc.Logging</reference>
            <reference
                 provider-name="sap.com"
                 strength="weak"
                 type="library">servlet</reference>
       </references>
       <jars>
            <jar-name>[vendor name]~[DC name]~Assembly.jar</jar-name>
       </jars>
  The J2EE Library DC has only one Used DC: The child Java DC.
  The Java DC has Used DCs for anything you need to compile your loginmodule code.
  Hope I didn't forget anything else.

• Bypass JAAS Login Module

  Hello together,
  we need to build a new call from oracle Forms to new JSP PAGE ( made in ADF).
  That means, we create a new HTTP Request from Forms and read the Request Parameters, such username and password in the called JSP Page.
  We are using JAAS Authorization which works fine, but her comes the Problem:
  We would like to use the request parameters to authorize in JAAS automatically without any Login Screen (Login Module)
  Is there any Solution.
  Regards
  Arni

  Hi Frank,
  so there is no Chance to bypass the login Screen ?

• JAAS Login module SOAP

  Hi all,
  I’m developing a new JAAS login module which will use Apache's Axis API to call a remote SOAP server.
  During the development process, I added the Axis library by using the classic Java Build path=> libraries on Sap Netweaver developer Studio.
  The compilation, the deployment of the SDA and the configuration via Visual Admin are working well.
  But when I tried to authenticate on the SAP EP through this module, I’ve got the following error message:
  java.lang.NoClassDefFoundError: org.apache.axis.client.Service
  In my opinion, it seems that the Apache Axis API (jar files) is not present on the SAP EP.
  Is there any way to add external libraries like   Apache Axis API (jar files) on the SAP EP?
  Is there any way to add external libraries like   Apache Axis API (jar files) on the sda generated by Sap Netweaver developer Studio?
  Thanks,

  Hi,
  can't you add the Axis libs to the SDA? In the file server/provider.xml you have the possibility to add jars via the NWDS.
  HTH
  Daniel

• JAAS Login Module using Deployable Web Service proxy

  Hi,
  We've created a JAAS Login Module that calls a deployable web service proxy to validate users on Netweaver Portal 2004 SP19. To do this the following steps were taken:
  1) created a deployable web proxy named 'SGU_proxy' and uploaded it to server. This project created 2 files: 'SGU_proxy.ear' (the one uploaded) and 'SGU_proxyClientAPI.jar'.
  2) created a Java project named 'AgregacaoLoginModule' with a single class to authenticate users, this is the class that calls the web service with the username and password. This project references the deployable web proxy project (Properties > Java Build Path > Projects > checkbox marked next to project SGU_proxy).
  3) exported the Java project class, not including the 'SGU_proxyClientAPI.jar'.
  4) created a 'J2EE Server Component' > 'Library' project named 'AgregacaoLoginModuleJ2EE'.
  On the 'provider.xml' file added 2 jars: 'AgregacaoLoginModule.jar' and 'SGU_proxyClientAPI.jar'. References were made to the standard portal libraries. No references were made to the proxy 'SGU_proxy' or the 'AgregacaoLoginModule' project.
  The library was uploaded to the server, everything was ok and no errors were reported.
  The login module was configured on the server and is called when users try to acess Portal server.
  The problem is that when trying to authenticate users: after getting a reference to the proxy using jndi I get a ClassCastException. Note that this proxy is used in a WebDyn Pro application and is working fine.
  The web service client proxy generated the interface 'pt.agregacao.ws.sgu.Servicos' and from jndi I get 'class pt.agregacao.ws.sgu.ServicosImpl'. So this seems to be ok, why the exception?
  Is it necessary to had a reference to 'SGU_proxy' on the 'AgregacaoLoginModuleJ2EE' project? If so, how?
  Thanks in advance.
  Alvaro

  Hi,
  We've created a JAAS Login Module that calls a deployable web service proxy to validate users on Netweaver Portal 2004 SP19. To do this the following steps were taken:
  1) created a deployable web proxy named 'SGU_proxy' and uploaded it to server. This project created 2 files: 'SGU_proxy.ear' (the one uploaded) and 'SGU_proxyClientAPI.jar'.
  2) created a Java project named 'AgregacaoLoginModule' with a single class to authenticate users, this is the class that calls the web service with the username and password. This project references the deployable web proxy project (Properties > Java Build Path > Projects > checkbox marked next to project SGU_proxy).
  3) exported the Java project class, not including the 'SGU_proxyClientAPI.jar'.
  4) created a 'J2EE Server Component' > 'Library' project named 'AgregacaoLoginModuleJ2EE'.
  On the 'provider.xml' file added 2 jars: 'AgregacaoLoginModule.jar' and 'SGU_proxyClientAPI.jar'. References were made to the standard portal libraries. No references were made to the proxy 'SGU_proxy' or the 'AgregacaoLoginModule' project.
  The library was uploaded to the server, everything was ok and no errors were reported.
  The login module was configured on the server and is called when users try to acess Portal server.
  The problem is that when trying to authenticate users: after getting a reference to the proxy using jndi I get a ClassCastException. Note that this proxy is used in a WebDyn Pro application and is working fine.
  The web service client proxy generated the interface 'pt.agregacao.ws.sgu.Servicos' and from jndi I get 'class pt.agregacao.ws.sgu.ServicosImpl'. So this seems to be ok, why the exception?
  Is it necessary to had a reference to 'SGU_proxy' on the 'AgregacaoLoginModuleJ2EE' project? If so, how?
  Thanks in advance.
  Alvaro

• Custome login module:SDA can't reference com.sap.portal.usermapping_api.jar

  I made my own j2ee custom login module and one of the things I wanted the custom login module to do is to clear out the UME roles for the user logging in,  "download" the role assignments from an ABAP WAS system, and reassign those roles in UME.  I got the coding done and created my JAR file. In building the SDA file, I can't figure out how to add com.sap.portal.usermapping_api.jar to the provider.xml file.  I tried specifying it on thru "create new" and tried looking for it in the list from "Select library/interface/service, but I still get an error when loading the login module.
  Does anyone know how to do this?
  TIA.
  Mel Calucin
  Bentley Systems, Inc.

  Hi Mel,
  why do you think you need to reference the portal's user mapping service API? I'm not sure whether you can reference Portal services at all from J2EE level.
  If you need to use user mapping in your login module, you don't need the Portal's user mapping service. Instead, you can directly use the user mapping interfaces and methods of the UME, which are contained in a J2EE library.
  You can use something like the following reference to get runtime access to the UME API library:
  <reference reference-type="weak">
    <reference-target target-type="library">
      com.sap.security.api.sda
    </reference-target>
  </reference>
  Accessing user mapping is possible via com.sap.security.api.UMFactory.getUserMapping() which returns an object implementing com.sap.security.api.umap.IUserMapping. This is the main entry point for all user mapping related features.
  Please check the Javadoc for details:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/javadocs/nw04/sp12/user management engine - version 4.0/index.html
  I hope this helps.
  Best regards
  Heiko

• [svn:bz-trunk] 20680: Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7 .

  Revision: 20680
  Revision: 20680
  Author:   [email protected]
  Date:     2011-03-08 08:23:30 -0800 (Tue, 08 Mar 2011)
  Log Message:
  Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7. So far the ValveBase and tomcat Realm had API changes which will impact on the Login integration with Tomcat 7
  Modified Paths:
      blazeds/trunk/modules/opt/build.xml
  Added Paths:
      blazeds/trunk/modules/opt/lib/catalina-708.jar
      blazeds/trunk/modules/opt/src/tomcat/flex/messaging/security/TomcatValve708.java

  Revision: 20680
  Revision: 20680
  Author:   [email protected]
  Date:     2011-03-08 08:23:30 -0800 (Tue, 08 Mar 2011)
  Log Message:
  Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7. So far the ValveBase and tomcat Realm had API changes which will impact on the Login integration with Tomcat 7
  Modified Paths:
      blazeds/trunk/modules/opt/build.xml
  Added Paths:
      blazeds/trunk/modules/opt/lib/catalina-708.jar
      blazeds/trunk/modules/opt/src/tomcat/flex/messaging/security/TomcatValve708.java

• Custom login module and SSO using 10.1.3.3

  We are using ADF 10.1.3.3 to build applications and recently a requirement from a customer was to use LDAP for authentication but use internal application tables for authorisation. So essentially the username and password will be in LDAP but all the roles definition are in the application. This is because the LDAP directory has tight controls on contents and is used enterprise wide.
  I created a proof of concept to address this requirement using the examples at
  http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
  and also
  http://technology.amis.nl/blog/1462/create-a-webapplication-secured-with-custom-jaas-database-loginmodule-deploy-on-jdeveloper-1013-embedded-oc4j-stand-alone-oc4j-and-opmn-managed-oc4j-10g-as
  specifically using DBProcLoginModule to call a database package.
  The PL/SQL package I created used DBMS_LDAP to call an LDAP directory with the username and password to check authentication and then used internal application tables to get the authorisation details required.
  All this worked very well. I tested on both the embedded OC4J and also standalone OC4J.
  Then one of my peers said will this work with SSO? Specifically we use Oracle OID as we have SSO for Forms and Reports.
  My experience with SSO has been with Oracle OID and having all the user and role details stored within OID.
  So my issue now is can I integrate the custom login module approach I have used with SSO? My knowledge of SSO and OID is limited so I'm not sure how (or if) it would interact with a custom login module. Are the two mutually exclusive?
  Any guidance is appreciated.
  Regards,
  Adrian

  Hi,
  this question should be posted to the Oracle Application Server forum or the security forum. However, based on my findings and experience in this area, I don't think that SSO is integrated with custom LoginModules since the integration would need to be coded in the LoginModule.
  Frank

• Custom login module - Not invoked...

  Hi All
  I have developed a custom login module and the necessary configuration steps in VA are performed. However, the custom login module is not called...
  1. Developed a Java DC as a Child DC in a Library DC.
  2. Added all the relevant jars needed as Used DC and Public Parts as required. Also updated the provider.xml with relevant references.
  3. Build and Deployed. (No errors found here..)
  4. In VA - Created a new Login Module.... updated the property LoginModuleClassLoaders to library:xyz where xyz is the name of the folder for deployed sda as found in cluster\j2ee\serverx\bin\ext...next updated the config tool for the same.... next modified the sap.com/irj*irj authentication as:
  Basic - Requisite
  CustomModule - Optional.
  Then performed server restart. Yet, login module not called. Any ideas as to where I am going wrong..?? (In my login module, just trying to retrieve the user name and change their attributes like lastname etc... )
  Thanks
  Deepak

  Issue solved....
  Had forgot to add the module to the ticket stack...

• [svn:bz-4.0.0_fixes] 21006: Merge Tomcat 7 login module from BlazeDS trunk to BlazeDS 4.0.0_fixes.

  Revision: 21006
  Revision: 21006
  Author:   [email protected]
  Date:     2011-03-31 13:00:11 -0700 (Thu, 31 Mar 2011)
  Log Message:
  Merge Tomcat 7 login module from BlazeDS trunk to BlazeDS 4.0.0_fixes.
  Checkintests: passed
  Modified Paths:
      blazeds/branches/4.0.0_fixes/modules/opt/build.xml
  Added Paths:
      blazeds/branches/4.0.0_fixes/modules/opt/src/tomcat/flex/messaging/security/Tomcat7Valve. java

  Dear Insaponata ,
  I dont understand what do you mean by oneoff but see the following:
  A patch is a one-off fix for a specific issue. The patch may be a manual process, or applied using the opatch utility. These changes may not result in an oracle version change, so it is only possible to tell that they have been applied by keeping a manual record, or by listing the patches applied via opatch, assuming that is how you applied them. Patches may have specific dependencies, so you must check you have the correct patch for your version.
  A patchset is a collection or bundle of patches. Typically, a patchset is a more major operation, and as such will include be applied using the Oracle Universal Installer. The patchset will typically result in a significant version change, like 10.2.0.1.0 to 10.2.0.2.0 etc. Patchsets are usually cumulative, so you can patch anything from the base version release to the latest patchset in one go. So the same 9.2.0.8.0 patchset will be used to patch 9.2.0.1.0 and 9.2.0.7.0.
  The word bundle implies a collection of patches, but a bundle may not be as big or important as a complete patchset. The bundle simply implies there are multiple patches bundles together.
  I get this from this link:
  http://www.araboug.org/ib/index.php?showtopic=25466
  Mohamed

• Login Module Flags

  Dear All,
  We have build a new login module "MyLoginModule"  to check the user session and if the user has one more session active, the custom built "MyLoginModule"  will fail the authentication of the user.
  We have added the login module to "TICKET" Authentication Scheme. So the "Ticket" Authentication Template contains the following :
  EvaluateTicketLoginModule               SUFFICIENT
  MyLoginModule                                  REQUISTE
  BasicPasswordLoginModule             REQUIRED
  CreateTicketLoginModule                  SUFFICIENT
  If "MyLoginModule" fails, the authentication should not proceed,and control returns to the application. This is what i required.
  But the authentication still proceeds down, even if "MyLoginModule" Fails ...,     though I set the "REQUISTE" Flag to  MyLoginModule,  . 
  How to resolve this?
  Regards
  Eben Chella Metilda V.A

  I am just wondering... does your login module just return false when you want to fail the authentication?  If you want it to stop proceeding through the login module stack, you have to throw a LoginException.
  -- Katrina

• Opinions on implementing a JAAS login module to achieve SSO

  We are looking at implementing SSO from a sharepoint website to the portal.  The users who are accessing the Sharepoint site are using their own computers and are not members of the AD Domain, so they could theoretically be using any computer in the world to access Sharepoint.
  the desired user experience looks something like this.
  user--login> sharepoint site -no login--
  >portal
  One of the methods we are looking at to achieve this is to implement a custom JAAS login module that would authenticate the user if they are coming from the Sharepoint site.
  I would like to get your opinions on how viable you think this method is.  One of the goals of this method is ease of implementation, so if you can think of an easier way to implement this please let us know.
  the method is basically this.
  1. User logs into sharepoint using their AD username and password and establish an active session with sharepoint
  2. user navigates to a link in sharepoint that points to a resource in the SAP Portal
  3. we don't want the user to have to login to access the resource when they click on the link
  4. to facilitate this, sharepoint has constructed the link in the following way
  5. the link is an https link
  6. the link has two additional parameters in addition to whatever is necessary to navigate to the resource
  7. the parameters are
  8. un = the users AD username
  9. uh = sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + "username")
  10. the user clicks the link and is directed to the SAP portal
  11. the sap portal has a custom JAAS login module which performs it's checks before the other login modules
  12. the custom module computes ( sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + un)) and then compares the result with uh, if they are equal, the custom login module authenticates the user bypassing any further need for authentication, otherwise authentication passes to the original authentication modules as normal.
  If you think there is an easier way, please let us know.  We are essentially looking for the easiest/fastest way to implement this functionality that is still secure.

  Hey Gary,
    I'm currently using Apache running on RedHat that leverage Apache's mod_rewrite module. I've got a bank of 6 reverse proxies sitting in front of an SAP Portal and each proxy runs on a host with dual 3.33GHz processors and 8Gb or RAM. I know... they're waaay over-sized and they pretty much snooze all day.
    This is the sole entry point for all SAP users and we sized them to accommodate the "worst case" of about 5000 (potential) named users, concurrently. Realistically, we've only ever had about 1500 unique users hitting the systems in a day (following an upgrade go-live, everybody is curious and wants to log on) and a typical load of about 500 to 750 users in a day.
    Never had a real performance problem to speak of. As long as the proxies are tuned properly (ssl cache, sessions, etc.), you should be fine.
    Setting header variables and some other "custom stuff" is handled in Perl (need Apache's mod_perl active). We've got a script that's called by all users before being passed to the Portal.
    We used IISProxy.dll with an IIS web server a long time ago (5 years maybe?) but opted to can it in favor of the approach described above.
    If you ask SAP, they'll recommend you use a WebDispatcher... and that's certainly an option as well.
  -Kevin

• SOAP Web Service +  Custom Login Module issue

  Hi Guys,
  We faced an authentication issue in our project. Could you please give any advice how the issue could be resolved.
  Environment: A simple SOAP Web Service on top of POJO class created in a Web Application. The web application deployed to the SAP NetWeaver 7.10 Application Server in the Enterprise Application Archive.
  Configuration:
        Single Service Administration Application(NetWeaver Administration -> SOA Management -> Application and Scenario Communication -> Single Service Administration)
         The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
      Authentication Application(NetWeaver Administration-> Configuration Management->Security->Authentication)
        The application(<vendorName>/<earName>*<vendor>~<webAppName>) has Authentication Stack configured to use our custom login module.
  Issue:  BasicPasswordLoginModule used by the J2EE when we are trying to execute the web service using Web Service Navigator(checked in debug mode). It seems that we missed something in configuration.
  Idea: The main Idea is to use our custom login module when we are executing a web service.
  Could you help me to resolve the issue.
  Thanks,
  Dmitry
  Edited by: Dmitry Eidin on Jul 17, 2009 3:46 PM

  > The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
  That's the point.