Chapter 7 Security
7.2.1 Authentication
Authentication is the mechanism by which a client presents an identifier and the service provider verifies the client's claimed identity. When the proof occurs in both directions, that is, when the caller and the service each prove their identity to the other party, it is referred to as mutual authentication.
Typically, a client interaction with a J2EE application accesses a set of components and resources, such as JSPs, enterprise beans, databases, and Web service endpoints. When these resources are protected, as is often the case, a client presents its identity and credentials, and the container determines whether the client meets the criteria for access specified by the authorization rules. The platform also allows lazy authentication, which allows unauthenticated clients to access unprotected resources but forces authentication when these clients try to access protected resources. The platform additionally permits authentication to occur at different points, such as on the Web or EJB tier. The J2EE container handles the authentication based on the requirements declared in the deployment descriptor.
Not only does the container enforce authentication and establish an identity when a client calls a component, but the container also handles authentication when the initially called component makes calls to other components and resources. Processing a client's request to a component might require the component to make a chain of calls to access other resources and components. Each subsequently called component might have its own authentication requirements, and these requirements might differ from those of the initially called component. The J2EE container handles this by establishing an identity with each call along the chain of calls. The J2EE platform allows the client identity established with the initial call's authentication to be associated with subsequent method calls and interactions. That is, the client's authenticated identity can be propagated along the chain of calls.
It is also possible to configure a component to establish a new identity when it acts as a client in a chain of calls. When so configured, a component can change the authenticated identity from the client's identity to its own identity. Regardless of how it is handled, the J2EE container establishes an identity for calls made by a component. Also, the J2EE container handles unauthenticated invocations that do not require a client to establish an identity. This mechanism can be useful for supporting use cases where a client does not have to authenticate.
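As an added example that is not part of the book, the deployment-descriptor fragments below show how the requirements described in this section are declared: a web.xml that protects only one URL pattern (so authentication is forced lazily, on the first request for a protected resource) and an ejb-jar.xml entry that makes a bean call downstream components under its own run-as identity instead of the propagated client identity. The paths, bean name, and role names are assumed for illustration.

```xml
<!-- web.xml (assumed paths and role names): only /account/* requires an
     authenticated caller in the "customer" role; the rest of the application
     stays unprotected, so the container forces authentication lazily, on the
     first request for a protected resource. No http-method elements are
     listed, so the constraint covers every HTTP method. -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>AccountPages</web-resource-name>
      <url-pattern>/account/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>customer</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>customer</role-name>
  </security-role>
</web-app>

<!-- ejb-jar.xml (assumed bean and role names): without a security-identity
     element the caller's authenticated identity is propagated along the
     chain of calls; run-as makes the container invoke downstream components
     as the "orders" role instead of as the original client. -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>OrderProcessor</ejb-name>
      <!-- home, remote, ejb-class and session-type elements omitted -->
      <security-identity>
        <run-as>
          <role-name>orders</role-name>
        </run-as>
      </security-identity>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role>
      <role-name>orders</role-name>
    </security-role>
  </assembly-descriptor>
</ejb-jar>
```

Because run-as replaces the client's identity for every call the bean makes, the downstream components see the "orders" role rather than the end user, so any per-user authorization decisions must be made before that boundary.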