Online Authentication
The product authenticates online users with its native implementation, using basic authentication. No authentication-specific configuration is required at the container level. The web application server, Apache Tomcat, which hosts the utilities testing accelerator, can support one or more of the following:
Inbuilt Security: The Java EE Web Application Server typically supplies a default basic security store and associated security management capability that can be used if no other security repository exists.
DBMS Based Security: The Java EE Web Application Server can store, manage and retrieve security information directly from a database.
Operating System Based Security: The Java EE Web Application Server can store, manage and retrieve security information directly from the underlying operating system.
After the validity of the user is established, the authorized user is issued an access token that is used for transaction security. After every successful login, Spring Boot uses native OAuth 2.0 compliant authorization rules to generate a JWT-based token, which is saved and exchanged throughout the user session.
REST-based web services also require an authentication token during invocation. These tokens are generated from user credentials by calling the OAuth-specific endpoint exposed natively by Spring Boot. For more details, see the Configuring Authentication for REST Services section.
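The login-then-token flow described above, shown from both sides as an added illustration; it is not the product's or Spring Boot's own code. The credential store, signing key, HS256 algorithm, claim names and the function names login and authorize are assumptions made for the example.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"          # constructed; not a product value
USERS = {"tester": "s3cret-demo"}         # constructed credential store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def login(basic_header: str, now: float, ttl: int = 300):
    """Check a Basic Authorization header; return a JWT or None."""
    scheme, _, blob = basic_header.partition(" ")
    if scheme != "Basic":
        return None
    try:
        user, _, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:                     # bad base64 or bad UTF-8
        return None
    expected = USERS.get(user, "")
    # Constant-time comparison avoids leaking how much of the password matched.
    if not expected or not hmac.compare_digest(password.encode(), expected.encode()):
        return None
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user, "exp": int(now) + ttl}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"

def authorize(bearer_header: str, now: float):
    """Validate a Bearer token on a REST call; return the user or None."""
    scheme, _, token = bearer_header.partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:
        return None
    header, claims, signature = parts
    if not hmac.compare_digest(signature.encode(), _sign(header + "." + claims).encode()):
        return None                        # tampered, or signed with another key
    try:
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None                    # pin the algorithm the server issued
        body = json.loads(_unb64(claims))
    except ValueError:
        return None
    if body.get("exp", 0) <= now:
        return None                        # expired: the client must log in again
    return body.get("sub")
```

The signature is checked before any claim is read, so a modified payload or an expired token is rejected no matter how long the session has been open.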