| Skip Navigation Links | |
| Exit Print View | |
|
Oracle GlassFish Server 3.1 Security Guide |
1. Administering System Security
2. Administering User Security
3. Administering Message Security
4. Administering Security in Cluster Mode
5. Managing Administrative Security
6. Running in a Secure Environment
7. Integrating Oracle Access Manager
About OAM Security Provider for Glassfish
Obtaining Oracle Access Manager Group Information
Understanding OAM Security Provider Use Cases
Use Case: Authentication for Web Resources Via Access Gate
Use Case: Identity Assertion for Web Resources via WebGate
Use Case: Authorization Checks Based on Policy Manager
Configuring the OAM Security Provider
Integrating OAM Security Provider with Oracle Access Manager 10g
Integrating OAM Security Provider with Oracle Access Manager 10g
Integrating OAM Security Provider with Oracle Access Manager 11g
Integrating OAM Security Provider with Oracle Access Manager 11g
Addtional Considerations for Certificate Authentication
Integrating OAM Security Provider with Oracle Access Manager 11g and WebGate
Integrating OAM Security Provider with Oracle Access Manager 11g and WebGate
Additional Considerations for Certificate Authentication With a WebGate
The JavaEE Web applications you want to protect should be configured with deployment descriptors containing required <security-constraint> and associated <auth-constraint> specifying the roles. The descriptors should not contain <login-config> elements that specify the JavaEE supported authentication methods.
Instead, the OAM Security Provider determines the authentication mechanism to used based on the challenge method of the Authentication Scheme you configure for the resource in Oracle Access Manager. For example consider the Authentication Scheme shown in Figure 7-3, which uses the BASIC challenge method.
Figure 7-3 BASIC Authentication Scheme
The authentication mechanisms supported by the OAM Security Provider are BASIC, FORM or Client-Cert. The default is BASIC. The Authentication Schemes supported at Oracle Access Manager include BASIC, FORM and Client-Cert. The use of the SSL transport is optional for BASIC and FORM.
|