You can apply BASIC Authentication (the browser will request username and password).
In the web.xml, declare a security-constraint which defines a web-resource-collection and a auth-constraint with a role-name.
You shall also define which security realm will authenticate the user.
Specify a login-config/auth-method=BASIC.
In weblogic.xml, you create a security-role-assignment where you map a role-name to a principal-name.
At the end of the story, your principal-name is authorized to access a web-resource-collection.
To have a FORM based authentication, you define a login-config/auth-method=FORM, and you provide a form-login-config to tell which jsp page to use for login.
You can have CLIENT-CERT based authentication using 2 way SSL. (TODO find more about this)
It seems that this is supported only with JNDI login, and not with the JAAS login.
The user-data-constraint-transport-guarantee clause determines the level of encryption/signature of the data.
SAML is a remote, or perimeter, login method.
Saturday, March 27, 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment