SRV.11.6 Server Tracking of Authentication Information


As the underlying security identities (such as users and groups) to which roles are mapped in a runtime environment are environment specific rather than application specific, it is desirable to:

  1. Make login mechanisms and policies a property of the environment the web application is deployed in.

  2. Be able to use the same authentication information to represent a principal to all applications that are deployed in the same container.

  3. Require the user to re-authenticate only when crossing a security policy domain.

Therefore, a servlet container is required to track authentication information at the container level and not at the web application level, allowing a user who is authenticated against one web application to access any other resource managed by the container which is restricted to the same security identity.
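The following toy model is an added illustration of the requirement above, not code from the specification and not the servlet API; every class, method, application and group name in it is hypothetical, and it assumes Java 16 or later. It shows one login being honoured by a second application in the same container, a role check that is still evaluated per application, and re-authentication being demanded only when the target application belongs to a different security policy domain.

```java
import java.util.*;

// Added illustration: a toy model of container-level tracking. All names are hypothetical.
public class ContainerAuthDemo {
    enum Decision { ALLOW, FORBIDDEN, LOGIN_REQUIRED }

    // Environment-level identity: user name and groups, valid in one security policy domain.
    record Identity(String user, Set<String> groups, String policyDomain) {}

    // A deployed web application: its policy domain and its own role -> group mapping.
    record WebApp(String name, String policyDomain, Map<String, Set<String>> roleToGroups) {}

    // Container-level store: one entry per authenticated client, shared by every application.
    private final Map<String, Identity> authByToken = new HashMap<>();

    String login(String user, Set<String> groups, String policyDomain) {
        String token = UUID.randomUUID().toString();
        authByToken.put(token, new Identity(user, groups, policyDomain));
        return token;
    }

    Decision access(WebApp app, String token, String requiredRole) {
        Identity id = authByToken.get(token);
        // Unknown client, or identity established in another policy domain: authenticate again.
        if (id == null || !id.policyDomain().equals(app.policyDomain())) return Decision.LOGIN_REQUIRED;
        // Authentication is shared; authorization is still decided by each application's mapping.
        Set<String> allowed = app.roleToGroups().getOrDefault(requiredRole, Set.of());
        return Collections.disjoint(allowed, id.groups()) ? Decision.FORBIDDEN : Decision.ALLOW;
    }

    public static void main(String[] args) {
        ContainerAuthDemo container = new ContainerAuthDemo();
        WebApp hr = new WebApp("hr", "corp", Map.of("manager", Set.of("hr-staff")));
        WebApp wiki = new WebApp("wiki", "corp", Map.of("editor", Set.of("hr-staff", "docs")));
        WebApp payroll = new WebApp("payroll", "corp", Map.of("admin", Set.of("finance")));
        WebApp partner = new WebApp("partner", "extranet", Map.of("user", Set.of("hr-staff")));

        // The user logs in once, while visiting the "hr" application.
        String token = container.login("alice", Set.of("hr-staff"), "corp");
        System.out.println("hr/manager    -> " + container.access(hr, token, "manager"));
        System.out.println("wiki/editor   -> " + container.access(wiki, token, "editor"));
        System.out.println("payroll/admin -> " + container.access(payroll, token, "admin"));
        System.out.println("partner/user  -> " + container.access(partner, token, "user"));
    }
}
```

When reviewing a deployment, the point to check is the second branch of `access`: shared authentication must not be read as shared authorization, so each application's role mapping still has to restrict the resource to the intended security identity.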



Java 2 Platform, Enterprise Edition. Platform and Component Specifications
ISBN: 0201704560
EAN: 2147483647
Year: 2000
Pages: 399
