This section provides an overview of the common security terminology.
The most common security processes are authentication, authorization, realm assignment, and role mapping.
Authentication verifies the user. For example, when the user provides a user name and password in a web browser, if those credentials match the permanent profile stored in the active realm, the user is authenticated. The user is associated with a security identity for the remainder of the session. For more information on authentication realms, see Managing Authentication Realms in Sun Java System Web Server 7.0 Administrator’s Guide.
Authorization permits a user to perform desired operations after being authenticated. For example, a human resources application might authorize managers to view personal employee information for all employees, but allow employees to view only their own personal information.
A realm, also called a security policy domain or a security domain in the Java EE specification, is a scope over which a common security policy is defined and enforced by the security administrator of the security service. Supported realms in Sun Java System Web Server 7.0 are file, ldap, certificate, solaris, custom, and native.
In the Java EE/Servlet security model, a client may be defined in terms of a security role. For example, a company might use its employee database to generate both a company-wide phone book application and payroll information obviously, While all employees might have access to phone numbers and email addresses, only some employees would have access to the salary information. Employees with the right to view or change salaries might be defined as having a special security role.
A role is different from a user group in that a role defines a function in an application, while a group is a set of users who are related in some way. For example, members of the groups astronauts, scientists, and pilots all fit into the role of SpaceShuttlePassenger.
In Sun Java System Web Server 7.0, roles correspond to users, groups or both used and groups configured in the active realm.