JAAS Authentication in WebLogic Server

Before accessing HDR Services, you must connect to and authenticate with HDR. The authentication process is carried out through JAAS by WebLogic, the underlying application server. JAAS in turn delegates these requests to a provider that authenticates users against a repository and determines authorization based on EJB deployment descriptors and other application server configuration files. JAAS also provides access authorization to particular EJBs and EJB methods.
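
What descriptor-based authorization of a protected EJB can look like, as an added example rather than HDR's or Oracle's own configuration. The bean, role and principal names are hypothetical; the element names are those of the standard ejb-jar.xml and of weblogic-ejb-jar.xml.

```xml
<!-- ejb-jar.xml fragment (standard EJB deployment descriptor).
     ExampleServiceBean and example-service-user are hypothetical names. -->
<assembly-descriptor>
  <security-role>
    <role-name>example-service-user</role-name>
  </security-role>

  <!-- Weak form, shown commented out: with unchecked, the container
       performs no role check on any method of the bean.
  <method-permission>
    <unchecked/>
    <method>
      <ejb-name>ExampleServiceBean</ejb-name>
      <method-name>*</method-name>
    </method>
  </method-permission>
  -->

  <!-- Restricted form: the container allows the call only when the
       authenticated caller holds the named role. -->
  <method-permission>
    <role-name>example-service-user</role-name>
    <method>
      <ejb-name>ExampleServiceBean</ejb-name>
      <method-name>*</method-name>
    </method>
  </method-permission>
</assembly-descriptor>

<!-- weblogic-ejb-jar.xml fragment: binds the descriptor role to a
     user or group in the external repository (for example an LDAP group).
     ExampleClinicians is a hypothetical group name. -->
<security-role-assignment>
  <role-name>example-service-user</role-name>
  <principal-name>ExampleClinicians</principal-name>
</security-role-assignment>
```

When reviewing a deployment, check that no protected bean is left on the unchecked form and that each role maps to a group in the repository rather than to individual accounts.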

JAAS and the ServiceLocator

The following key fundamentals relate to the behavior and use of the ServiceLocator:

  • JAAS authentication is a function of establishing a session with the application server. If authentication is successful, the authenticated user details are used to authenticate with JAAS when attempting to access protected EJB components.
  • JAAS authorization occurs whenever a user attempts to access a protected resource (for example, an HDR Service EJB). JAAS authorization is in addition to that provided by HDR Authorization mechanisms.
  • JAAS is configured with a separate repository of user names and passwords (such as an LDAP server), outside of HDR. External user repositories such as Oracle Identity Management Suite can be integrated with WebLogic Server.
See also: