Chapter 7 Security
7.2.1 Authentication
Authentication is the mechanism by which a client presents an identifier and the
service provider verifies the client's claimed identity. When the proof occurs in two
directions (the caller and service both prove their identity to the other party), it is
referred to as mutual authentication.
Typically, a client interaction with a J2EE application accesses a set of components
and resources, such as JSPs, enterprise beans, databases, and Web service
endpoints. When these resources are protected, as is often the case, a client presents
its identity and credentials, and the container determines whether the client
meets the criteria for access specified by the authorization rules. The platform also
allows lazy authentication, which allows unauthenticated clients to access unprotected
resources but forces authentication when these clients try to access protected
resources. The platform additionally permits authentication to occur at
different points, such as on the Web or EJB tier. The J2EE container handles the
authentication based on the requirements declared in the deployment descriptor.
Not only does the container enforce authentication and establish an identity
when a client calls a component, but the container also handles authentication
when the initially called component makes calls to other components and
resources. Processing a client's request to a component might require the component
to make a chain of calls to access other resources and components. Each subsequently
called component might have its own authentication requirements, and
these requirements might differ from those of the initially called component. The
J2EE container handles this by establishing an identity with each call along the
chain of calls. The J2EE platform allows the client identity established with the
initial call's authentication to be associated with subsequent method calls and
interactions. That is, the client's authenticated identity can be propagated along
the chain of calls.
It is also possible to configure a component to establish a new identity when it
acts as a client in a chain of calls. When so configured, a component can change
the authenticated identity from the client's identity to its own identity. Regardless
of how it is handled, the J2EE container establishes an identity for calls made by a
component. Also, the J2EE container handles unauthenticated invocations that do
not require a client to establish an identity. This mechanism can be useful for supporting
use cases where a client does not have to authenticate.
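
The following Web-tier deployment descriptor is an added example, not taken from the original text, showing how lazy authentication and a changed call-chain identity are declared rather than coded. The servlet name, class, URL paths, JSP pages, and role names are hypothetical; the elements are those of the Servlet 2.4 web.xml schema.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: every name, path and role below is hypothetical. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <servlet>
    <servlet-name>OrderServlet</servlet-name>
    <servlet-class>com.example.shop.OrderServlet</servlet-class>
    <!-- New identity for the call chain: calls this servlet makes to
         enterprise beans carry the order-processor role instead of the
         client's identity. Without run-as, the container propagates
         the authenticated client identity. -->
    <run-as>
      <role-name>order-processor</role-name>
    </run-as>
  </servlet>
  <servlet-mapping>
    <servlet-name>OrderServlet</servlet-name>
    <url-pattern>/account/order</url-pattern>
  </servlet-mapping>

  <!-- Lazy authentication: only /account/* is constrained, so every
       other URL is served to unauthenticated clients and the login is
       triggered on the first request under /account/. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Customer account pages</web-resource-name>
      <url-pattern>/account/*</url-pattern>
      <!-- No http-method elements, so the constraint applies to all
           HTTP methods; listing some would leave the rest open. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>customer</role-name>
    </auth-constraint>
    <!-- Require a protected transport for the constrained pages. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role><role-name>customer</role-name></security-role>
  <security-role><role-name>order-processor</role-name></security-role>
</web-app>
```

When reviewing such a descriptor, check that each component declaring run-as actually needs the elevated role, because every caller allowed to reach that component acts with it downstream.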





