About Authentication and Authorization

TABLE 9–1 Enterprise Server Authentication Methods (Continued)

Method        Protocol        Description
DIGEST        HTTP and SIP    Server authenticates the client based on an encrypted response.
SSL and TLS
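To make the DIGEST row concrete, here is an added example (not code from the manual or from the Enterprise Server) of the server-side check behind it: the client's response is an MD5 digest built from its credentials, the server-issued nonce and the request, and the server recomputes it and compares. Realm, user name, password and nonce values are constructed samples; the nonce is treated as single-use, a simplification of RFC 2617 that still shows why a captured response cannot be replayed.

```python
import hashlib
import secrets

REALM = "example-realm"  # hypothetical realm name, not from the manual


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    # HA1 = MD5(user:realm:password). Only this value needs to be stored
    # server-side; the clear-text password is never needed for verification.
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1_hex: str, nonce: str, nc: str, cnonce: str,
                    method: str, uri: str) -> str:
    # RFC 2617 "auth" quality of protection:
    # response = MD5(HA1:nonce:nc:cnonce:auth:HA2), HA2 = MD5(method:uri)
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class DigestVerifier:
    """Server side of HTTP Digest: issues nonces and verifies responses."""

    def __init__(self, users: dict):
        self.users = users          # username -> stored HA1 hex string
        self.issued = set()         # nonces handed out and not yet consumed

    def new_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return nonce

    def verify(self, username: str, nonce: str, nc: str, cnonce: str,
               method: str, uri: str, response: str) -> bool:
        ha1_hex = self.users.get(username)
        if ha1_hex is None or nonce not in self.issued:
            return False            # unknown user, forged or already-used nonce
        self.issued.discard(nonce)  # single use: a captured response is worthless later
        expected = digest_response(ha1_hex, nonce, nc, cnonce, method, uri)
        # constant-time comparison so timing does not leak how many bytes matched
        return secrets.compare_digest(expected, response)


def demo() -> bool:
    # Constructed sample exchange: the server stores only HA1 for "alice".
    server = DigestVerifier({"alice": ha1("alice", REALM, "s3cret")})
    nonce = server.new_nonce()
    client_resp = digest_response(ha1("alice", REALM, "s3cret"), nonce,
                                  "00000001", "0a4f113b", "GET", "/dir/index.html")
    return server.verify("alice", nonce, "00000001", "0a4f113b",
                         "GET", "/dir/index.html", client_resp)
```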

Verifying Single Sign-On

Single sign-on enables multiple applications in one virtual server instance to share the user authentication state. With single sign-on, a user who logs in to one application becomes implicitly logged in to other applications that require the same authentication information.

Single sign-on is based on groups. All Web applications whose deployment descriptors define the same group and use the same authentication method (BASIC, FORM, or CLIENT-CERT) share single sign-on.

Single sign-on is enabled by default for virtual servers defined for the Enterprise Server.

Authorizing Users

Once a user is authenticated, the level of authorization determines what operations can be performed. A user's authorization is based on his role. For example, a human resources application may authorize managers to view personal employee information for all employees, but allow employees to view only their own personal information. For more on roles, see “Understanding Users, Groups, Roles, and Realms” on page 104.

Specifying JACC Providers

JACC (Java Authorization Contract for Containers) is part of the Java EE specification that defines an interface for pluggable authorization providers. This enables the administrator to set up third-party plug-in modules to perform authorization.

By default, the Enterprise Server provides a simple, file-based authorization engine that complies with the JACC specification. It is also possible to specify additional third-party JACC providers.

JACC providers use the Java Authentication and Authorization Service (JAAS) APIs. JAAS enables services to authenticate and enforce access controls upon users. It implements a Java technology version of the standard Pluggable Authentication Module (PAM) framework.

Auditing Authentication and Authorization Decisions

The Enterprise Server can provide an audit trail of all authentication and authorization decisions through audit modules. The Enterprise Server provides a default audit module, as well as the ability to customize the audit modules.

Chapter 9 • Configuring Security
