J2EE.9.2 Security


Application clients have the same authentication requirements and may use the same authentication techniques as other J2EE application components.

Unprotected web resources may be accessed without authentication. Authentication when accessing protected web resources may use HTTP basic authentication, SSL client authentication, or HTTP login form authentication. Lazy authentication may be used.

Authentication is required when accessing enterprise beans. The authentication mechanisms for enterprise beans are unspecified. Lazy authentication may be used.

The application client may authenticate its user in a number of ways. The techniques used are platform-dependent and not under control of the application client. The application client container may integrate with the platform's authentication system, providing a single signon capability. The application client container may authenticate the user when the application is started. The application client container may use lazy authentication, authenticating the user only when it needs to access a protected resource. This version of this specification does not describe the technique used to authenticate the user.
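The following added example (not part of the specification) illustrates lazy authentication against a web resource protected with HTTP basic authentication: the credential callback runs only when the protected resource is requested, never for the unprotected one. It assumes a modern JDK, using `java.net.Authenticator` as a stand-in for the container's authentication hook and `com.sun.net.httpserver` as a stand-in server; the class name, paths, realm, user and password are constructed for the demo.

```java
import com.sun.net.httpserver.BasicAuthenticator;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.*;
import java.util.concurrent.atomic.AtomicInteger;

public class LazyAuthDemo {
    // Counts how often the container-side callback had to supply credentials.
    static final AtomicInteger prompts = new AtomicInteger();

    static void reply(HttpExchange ex) throws IOException {
        byte[] body = "ok".getBytes("UTF-8");
        ex.sendResponseHeaders(200, body.length);
        ex.getResponseBody().write(body);
        ex.close();
    }

    static int get(int port, String path) throws IOException {
        URL url = new URL("http://127.0.0.1:" + port + path);
        HttpURLConnection c = (HttpURLConnection) url.openConnection();
        int status = c.getResponseCode(); // a 401 challenge is answered transparently
        c.disconnect();
        return status;
    }

    public static void main(String[] args) throws IOException {
        // Constructed local server: one unprotected and one protected resource.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/public", LazyAuthDemo::reply);
        server.createContext("/protected", LazyAuthDemo::reply)
              .setAuthenticator(new BasicAuthenticator("demo-realm") {
                  @Override public boolean checkCredentials(String user, String pw) {
                      return "alice".equals(user) && "constructed-password".equals(pw);
                  }
              });
        server.start();
        int port = server.getAddress().getPort();
        // Container side: installed once, consulted only after a 401 challenge.
        Authenticator.setDefault(new Authenticator() {
            @Override protected PasswordAuthentication getPasswordAuthentication() {
                prompts.incrementAndGet(); // a container would show its own UI here
                return new PasswordAuthentication("alice", "constructed-password".toCharArray());
            }
        });
        System.out.println("/public    -> " + get(port, "/public") + ", prompts=" + prompts.get());
        System.out.println("/protected -> " + get(port, "/protected") + ", prompts=" + prompts.get());
        server.stop(0);
    }
}
```

HTTP basic authentication only Base64-encodes the user name and password, so outside a loopback demo like this one the protected resource should be served over SSL/TLS.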

If the application client container needs to interact with the user to gather authentication data, the container will provide an appropriate user interface. In this specification, no mechanism is provided for the application client itself to provide a user interface for authentication. However, in the case of HTTP login form authentication, the user interface is provided by the server (in the form of an HTML page delivered in response to an HTTP request) and must be displayed by the application client.

In a future version of this specification, application clients will be able to use the Java Authentication and Authorization Service APIs to access information about the currently authenticated user, to write portable authentication user interfaces, and to participate in and control the authentication process. (See Section J2EE.11.7, "Security APIs.")

Application clients execute in an environment with a security manager installed and have similar security permission requirements as servlets. The security permission requirements are described fully in Chapter J2EE.6, "Application Programming Interface."



Java 2 Platform, Enterprise Edition. Platform and Component Specifications
ISBN: 0201704560
EAN: 2147483647
Year: 2000
Pages: 399
