Sun Java System Web Server 7.0 Developer's Guide to Java Web Applications

Java EE/Servlet-Based Authentication and Authorization

, In addition to providing ACL-based authentication, Sun Java System Web Server 7.0 also implements the security model defined in the Java EE 1.4 specification to provide several features that help you develop and deploy secure Java web applications.

A typical Java EE-based web application consists of the following parts, access to any or all of which can be restricted:

The Java EE servlet-based access control infrastructure relies on the use of security realms. When a user tries to access the main page of an application through a web browser, the web container prompts for the user's credential information. The container then passes the information for verification to the realm that is currently active in the security service.

A realm, represents a set of known users along with optional group membership information. The main implementation also encapsulates a mechanism for performing authentication against the data set.

The main features of the Java EE/Servlet-based access control model are described below: