TABLE 9–1 Enterprise Server Authentication Methods (Continued)
DIGEST        HTTP and SIP        Server authenticates the client based on an encrypted response.
SSL and TLS
Verifying Single Sign-On
Single sign-on enables multiple applications in one virtual server instance to share the user
authentication state. With single sign-on, a user who logs in to one application becomes
implicitly logged in to other applications that require the same authentication information.
Single sign-on is based on groups. All Web applications whose deployment descriptor defines
the same group and use the same authentication method (BASIC, FORM, CLIENT-CERT)
share single sign-on.
Single sign-on is enabled by default for virtual servers defined for the Enterprise Server.
Authorizing Users
Once a user is authenticated, the level of authorization determines what operations can be
performed. A user's authorization is based on his role. For example, a human resources
application may authorize managers to view personal employee information for all employees,
but allow employees to view only their own personal information. For more on roles, see
“Understanding Users, Groups, Roles, and Realms” on page 104.
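The human resources example above, written as an added servlet example (not code from the Enterprise Server or its documentation). It assumes the container has already authenticated the caller and that the deployment descriptor maps groups to the hypothetical roles "manager" and "employee"; the servlet name and the "employee" request parameter are also assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical HR servlet: managers may view any employee's record,
// other employees may view only their own.
public class EmployeeRecordServlet extends HttpServlet {

    // The authorization decision, kept free of servlet types so it can be
    // unit-tested. "caller" is the authenticated principal name, "requested"
    // the employee whose record is being asked for.
    static boolean isAuthorized(boolean isManager, boolean isEmployee,
                                String caller, String requested) {
        if (caller == null || requested == null) {
            return false;                       // unauthenticated or malformed
        }
        if (isManager) {
            return true;                        // role grants access to all records
        }
        // An "employee" role check alone would let any employee read any
        // colleague's record; ownership must be checked as well.
        return isEmployee && caller.equals(requested);
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String caller = req.getRemoteUser();    // set by the realm after login
        if (caller == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String requested = req.getParameter("employee"); // e.g. ?employee=jsmith
        boolean allowed = isAuthorized(req.isUserInRole("manager"),
                                       req.isUserInRole("employee"),
                                       caller, requested);
        if (!allowed) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("Record for " + requested);
    }
}
```

The role names used in isUserInRole must match security-role entries in the deployment descriptor, otherwise the check silently returns false for every user.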
Specifying JACC Providers
JACC (Java Authorization Contract for Containers) is part of the Java EE specification that
defines an interface for pluggable authorization providers. This enables the administrator to set
up third-party plug-in modules to perform authorization.
By default, the Enterprise Server provides a simple, file-based authorization engine that
complies with the JACC specification. It is also possible to specify additional third-party JACC
providers.
JACC providers use the Java Authentication and Authorization Service (JAAS) APIs. JAAS
enables services to authenticate and enforce access controls upon users. It implements a Java
technology version of the standard Pluggable Authentication Module (PAM) framework.
Auditing Authentication and Authorization Decisions
The Enterprise Server can provide an audit trail of all authentication and authorization
decisions through audit modules. The Enterprise Server provides a default audit module, as well
as the ability to customize the audit modules.
About Authentication and Authorization
Chapter 9 • Configuring Security 103