User Authentication Schemes

The process of authenticating users, or client programs running on behalf of the user, for Web applications is different from the one specified by JAAS (Java Authentication and Authorization Service) that we went over in the Access Control chapter. The main difference is that a Web application runs within the context of a Web container and is accessed by a user through a Web browser, over HTTP, whereas JAAS is designed for scenarios where the user-facing component and the backend component are both Java programs running within the same JVM. JAAS doesn't have to worry about secure exchange of sensitive username and password information between two programs, possibly over an insecure network.[2] An insecure network could ...
