Chapter 7 Security
301
Protection
Protection
Domain
Domain
c3
c1
c2
Authentication
or Anonymous
c4
Trust
Trust
Figure 7.2
Protection Domain Established by Authentication Boundaries
7.2.1.2
Web Tier Authentication
Developers can specify that authentication be performed on the Web tier when
certain components and resources are accessed, in which case the authentication is
handled by the J2EE Web container. J2EE Web containers must support three differ 
ent authentication mechanisms: 
  HTTP basic authentication The Web server authenticates a principal using 
the username and password obtained from the Web client. The username and 
password are included in the HTTP headers and are handled at the transport 
layer.
  Form based authentication A developer can customize a form for entering 
username and password information, and then use this form to pass the infor 
mation to the J2EE Web container. This type of authentication, geared toward 
Web page presentation applications, is not used for Web services.
  HTTPS mutual authentication Both the client and the server use digital cer 
tificates to establish their identity, and authentication occurs over a channel 
protected by Secure Sockets Layer.
Generally, for Web tier authentication, the developer specifies an authoriza 
tion constraint to designate those Web resources such as Web service endpoints,
HTML documents, Web components, image files, archives, and so forth that
need to be protected. When a user tries to access a protected Web resource, the
Web container applies the particular authentication mechanism (either basic,






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

 

Our web partners: Inexpensive Web Hosting Java Web Hosting personal webspace webspace php  linux webhost

 html web templates DreamweaverQuality Web Templates PSD Web Templates

cheap webhost j2ee web Hosting buy webspace ftp webspace adult webspace

frontpage WebHosting webspace hosting cheap webhost

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved

aol web hosting