Skip to main content

Digital Transformation

Implementing Form Based TAI for the Developer

As identified in another post Full login filter testing for local developer environments, the requirement may arise that developer environments need to fully test implicitLoginFilter without deploying code to another environment.  This post walks thru the code and setup of a form based TAI.

Create a new class which implements TrustAssociationInterceptor. In this class we will pull 3 properties from the WAS configurations of the interceptor. These three properties and a description of the information each will hold are:

  • formid – name of a hidden field in the form utilized for login
  • formidvalue – value of the hidden field that will need to match the value passed thru the request
  • useridfield – name of the form field containing the ID of the user to be logged in

In my implementation I have set these values to the following values:

  • formid = TAI_Form
  • formidvalue = SecretKeyValue
  • useridfield = userid

Once you have everything configured in WAS you will need to create a login form.  I have used


<form id=”loginForm” action=”http://localhost:10039/wps/myportal” method=”post”>
User ID: <input type=”text” name=”userid” value=”wpsadmin” /><br/>
<input type=”hidden” name=”TAI_Form” value=”SecretKeyValue” />
<input type=”submit” value=”Submit” />


 * @author Charles Mahoney, Perficient Inc
public class FormBasedTAI implements TrustAssociationInterceptor {

	private static String formID = null;
	private static String formID_Value = null;
	private static String userIDfield = null;
	private static Logger logger = Logger.getLogger(FormBasedTAI.class.getName());

	public void cleanup() {	}

	public String getType() {return String.format("%s version %s", this.getClass().getName(), this.getVersion());}

	public String getVersion() {return "1.0";}

	public int initialize(Properties props) throws WebTrustAssociationFailedException {
		logger.entering(this.getClass().getName(), "FormBasedTAI.initialize()");

		// read properties from configuration in WAS
		this.formID = props.getProperty("formid");
		this.formID_Value = props.getProperty("formidvalue");
		this.userIDfield = props.getProperty("useridfield");

			logger.severe("the required configurations for the FormBasedTAI were not properly set");
			return 1;

		logger.exiting(this.getClass().getName(), "FormBasedTAI.initialize()");
		return 0;

	private boolean hasAllConfigurations(){
				&& StringUtils.isNotBlank(this.formID_Value)
				&& StringUtils.isNotBlank(this.userIDfield)
			return true;
		return false;

	public boolean isTargetInterceptor(HttpServletRequest req) throws WebTrustAssociationException {
			if(req.getParameter(formID).equalsIgnoreCase(formID_Value)){"Form ID matches desired value");
				return true;
			}else{"The FormID of " + req.getParameter(formID) + " does not match the desired value of " + this.formID_Value);
		return false;

	public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req, HttpServletResponse res) throws WebTrustAssociationFailedException {
		logger.entering(this.getClass().getName(), "FormBasedTAI.negotiate...()");
			return TAIResult.create(HttpServletResponse.SC_OK, req.getParameter(this.userIDfield));
		return TAIResult.create(HttpServletResponse.SC_UNAUTHORIZED);

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Charles Mahoney

More from this Author

Follow Us