A user or client makes a request by choosing a link on an Actuate Java Components page or by typing an Actuate Java Components URI in a web browser. A Java Components application processes the request.

If a custom security adapter parameter is set in the web.xml file, the Java Components attempt to load the custom security adapter class. If the class loads successfully, the following steps occur:

The Java Components call the custom security adapter’s authenticate( ) method with the parameters that the browser sent.

The authenticate( ) method performs the custom validation.

The Java Components call the getUserName( ), getPassword( ), and getUserHomeFolder( ) methods to retrieve the user information the Actuate web service requires.

Optionally, the Java Components call the getExtendedCredentials( ) method. If this method returns null, there are no extended credentials to send to the web service.

The application server provides the necessary information to the access manager.