Authenticating a Client (Sun Java System Application Server Enterprise Edition 8.2 Upgrade and Migration Guide)

Sun Java System Application Server Enterprise Edition 8.2 Upgrade and Migration Guide

Authenticating a Client

Application Server 6.x provides a client-side callback mechanism that enables applications to collect authentication data from the user, such as the username and the password. The authentication data collected by the iPlanet CORBA infrastructure is propagated to the application server via IIOP.

If ORBIX 2000 is the ORB used for RMI/IIOP, portable interceptors implement security by providing hooks, or interception points, which define stages within the request and reply sequence.

In Application Server 8.2, The authentication is done based on JAAS (Java Authorization and Authentication System API). If a client does not provide a CallbackHandler, then the default CallbackHandler, called the LoginModule, is used by the ACC to obtain the authentication data.

For detailed instructions on using JAAS for authentication, see Chapter 9, Configuring Security, in Sun Java System Application Server Enterprise Edition 8.2 Administration Guide.