4.11 Partitioning Web Applications


Web applications are logical groups of Web resources. Therefore, certain security constraints, such as login configuration and data constraints, are scoped to a specific Web application. In some scenarios, a single authentication mechanism does not address the security requirements of all the applications being hosted. For example, some applications can suffice with a form-based login, whereas others have more stringent security requirements and necessitate certificate-based authentication. Because it acts as an SSO mechanism, the Web container design point is limited with respect to authentication: the login information for one Web application is shared with the other Web applications within the same Web container. To work around this limitation, applications with different authentication requirements need to be hosted in different Web container instances (for example, the same Web container but running in a separate process) or through virtual hosting. [7] Therefore, in addition to securing resources through declarative security and programmatic control, security characteristics can be tuned by appropriately partitioning applications.

[7] Virtual hosting is the provision of the Web server and other services so that a company or individual does not have to buy and maintain a Web server host with a line to the Internet but can use the Web server of a virtual hosting provider, also called a Web or Internet space provider. This is achieved by allowing a Web server to serve contents for more than one domain name or IP address. This way, a single machine or Web server can handle multiple Web sites.

Consider two Web applications, WebAppA and WebAppB, and suppose that WebAppA is secured using form-based login, whereas WebAppB is secured using certificate-based login. If both Web applications are deployed in the same Web container, a user who authenticates on the initial access will be allowed to access all of these resources afterwards, regardless of the authentication mechanism used on that initial access. For instance, if the first request is to WebAppA, the user provides a user ID and password through form-based login. Although WebAppB requires the user to present a client digital certificate to log in, this certificate will not be required if the user has already logged on to WebAppA. Therefore, if the intention is to provide a higher level of security for WebAppB by requiring client digital certificates in order to access WebAppB, that cannot be achieved by hosting WebAppA and WebAppB in a single Web container. If two different levels of security are to be provided for WebAppA and WebAppB, the two Web applications must be deployed in two different Web containers.
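The scenario above can be given a programmatic backstop in WebAppB, complementing the partitioning the text recommends rather than replacing it. The following servlet filter is an added example written for this section, not code from the book: on every request it checks that the caller actually presented a client certificate on the current TLS connection, so that a session established through WebAppA's form login and propagated by container SSO is not sufficient to reach WebAppB's resources. The class name ClientCertRequiredFilter is an assumption; the request attribute javax.servlet.request.X509Certificate and the HttpServletRequest.CLIENT_CERT_AUTH constant are defined by the Servlet specification.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical filter for WebAppB (example, not from the book).
 * In addition to the declarative CLIENT-CERT login-config, it verifies on
 * each request that the caller was authenticated by certificate and that a
 * certificate chain is present on the connection, refusing requests whose
 * only credential is an SSO session obtained through another application's
 * form-based login.
 */
public class ClientCertRequiredFilter implements Filter {

    // Standard Servlet attribute under which the container exposes the
    // client certificate chain of a mutually authenticated TLS connection.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    public void init(FilterConfig config) throws ServletException {
        // Nothing to configure for this example.
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        if (!presentedClientCertificate(request)) {
            // Refuse rather than fall back to whatever login the SSO session carries.
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "A client certificate is required for this application");
            return;
        }
        chain.doFilter(req, resp);
    }

    /**
     * True only if the container reports certificate-based authentication for
     * this request and a non-empty certificate chain is attached to it.
     */
    static boolean presentedClientCertificate(HttpServletRequest request) {
        X509Certificate[] chain = (X509Certificate[]) request.getAttribute(CERT_ATTR);
        boolean certAuth = HttpServletRequest.CLIENT_CERT_AUTH.equals(request.getAuthType());
        return certAuth && chain != null && chain.length > 0;
    }

    public void destroy() {
        // No resources to release.
    }
}
```

To apply it, declare the filter in WebAppB's web.xml and map it to the URL pattern /* so that it runs before every resource of that application. The certificate attribute is only populated when the container's TLS connector has been configured to request or require client certificates, so the filter must be deployed together with that connector setting; the getAuthType() check alone is not a reliable signal under container SSO, which is why the chain check is the decisive one.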

Owing to other SSO features provided by the J2EE vendor, it may still be the case that login to access one Web application may influence access rights to other applications in other containers. In such cases, the security requirements of the Web resources need to be evaluated and enforced through appropriate partitioning and deployment and by using other vendor-specific security facilities offered by J2EE products.



Enterprise Java™ Security: Building Secure J2EE™ Applications
ISBN: 0321118898
Year: 2004
Pages: 164
