
Wednesday, December 16, 2009

Typical WebSphere security scenario


A typical user interaction with a secure application running under WebSphere might look something like this:
1. The user requests a protected resource in an enterprise application.
2. If security is enabled and properly configured, WebSphere intercepts the request to the protected resource. In this case, we are using Form-based Custom Login as the mode of authentication.
3. WebSphere presents the user with the custom login form page (in this case, login.jsp).
4. The user supplies credentials, typically in the form of user ID and password.
5. WebSphere authenticates the user using j_security_check, the default login servlet provided by WebSphere. Authentication can be based on the local operating system, LDAP, or a custom registry.
6. If authentication is successful, the user gains access to the protected resource, provided that the user has the correct access rights, or roles, for the resource. If the authentication and authorization process is not successful, the user is unable to log in.
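
The steps above map onto a web.xml deployment descriptor like the one below. This is an added example, not taken from the original post: the URL pattern /secure/*, the role name AppUser, the error page /loginError.jsp, the Servlet 2.5 descriptor version and the HTTPS requirement are all assumptions; only login.jsp and j_security_check come from the text.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Example descriptor (assumed names, see lead-in). -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">

  <!-- Steps 1-2: requests matching this pattern are intercepted by the container. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>  <!-- assumed path -->
      <!-- No http-method elements: the constraint covers every HTTP method. -->
    </web-resource-collection>

    <!-- Step 6: authorization. Only users mapped to this role get through. -->
    <auth-constraint>
      <role-name>AppUser</role-name>  <!-- assumed role -->
    </auth-constraint>

    <!-- Assumed hardening: serve the protected URLs over HTTPS only. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Step 3: form-based login; the container forwards to login.jsp. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>  <!-- assumed page -->
    </form-login-config>
  </login-config>

  <!-- Every role used in an auth-constraint must be declared here. -->
  <security-role>
    <role-name>AppUser</role-name>
  </security-role>

  <!--
    Steps 4-5: login.jsp posts the credentials to j_security_check using the
    field names fixed by the Servlet specification:

      <form method="POST" action="j_security_check">
        <input type="text"     name="j_username">
        <input type="password" name="j_password">
        <input type="submit"   value="Log in">
      </form>
  -->
</web-app>
```

The role declared here still has to be mapped to users or groups from the configured registry when the application is deployed; without that mapping, authentication succeeds but step 6 denies access.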
