
J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice by Pankaj Kumar


User Authentication Schemes

The process of authenticating users, or client programs running on behalf of the user, for Web applications is different from the one specified by JAAS (Java Authentication and Authorization Service) that we went over in the Access Control chapter. The main difference is that a Web application runs within the context of a Web container and is accessed by a user through a Web browser, over HTTP, whereas JAAS is designed for scenarios where the user-facing component and the backend component are both Java programs running within the same JVM. JAAS doesn't have to worry about secure exchange of sensitive username and password information between two programs, possibly over an insecure network.[2] An insecure network could ...
