2.2.3 Preventing unauthorized users from accessing the system (authentication functionality)
To safely manage information handled by the system and ensure security, you should prevent unauthorized users from accessing the system. Authentication functionality is effective for this purpose.
The application server offers the following authentication functionality:
- User login authentication through the integrated user management framework
  This functionality uses integrated management of information about users who log into the system to enable multiple applications to be accessed with a single login.
- Web container-based authentication by <security-constraint> element setup
  This functionality uses a Web container to allow only authorized users to access a given application. Information for authentication is defined by using the <security-constraint> element in the DD file (web.xml).
- EJB container-based authentication by <security-identity> element setup
  This functionality uses an EJB container to allow only authorized users to access a given application. Information for authentication is defined by using the <security-identity> element in the DD file (ejb-jar.xml) or cosminexus.xml.
  Execution of methods, as specified by using the <method-permission> element, can be controlled according to the role assigned to each user.
  If you implement an EJB client application by using the application server's API, you can authenticate access from the EJB client application.
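
The following web.xml fragment illustrates the Web container-based authentication described above. It is an added example, not taken from the product documentation; the role name, URL pattern, resource name, and realm name are assumptions chosen for illustration.

```xml
<!-- Added example: constructed web.xml fragment.
     "admin", "/admin/*", "admin-pages" and "example-realm" are assumed names. -->
<web-app>
  <!-- Namespace and version attributes are omitted here; use those of the
       Servlet version your application targets. -->

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin-pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <!-- No <http-method> elements are listed, so the constraint applies to
           every HTTP method. Listing methods would leave the unlisted
           methods outside this constraint. -->
    </web-resource-collection>

    <!-- Only authenticated users who hold this role may access the resources. -->
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>

    <!-- Require an encrypted transport so that credentials sent for
         BASIC authentication do not travel in clear text. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- How the Web container asks the user to authenticate. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>example-realm</realm-name>
  </login-config>

  <!-- Every role referenced in an <auth-constraint> is declared here. -->
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>
```

How users are assigned to the admin role depends on the server's user management settings and is not shown here.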