FileNet P8 Platform, Version 5.2.1            

FileNet P8 server authentication architecture

The primary servers in FileNet® P8 are Content Platform Engine.

The following subtopics describe how these servers perform authentication.

Content Platform Engine authentication architecture

The next figure shows a high-level view of a Content Platform Engine server and some of the types of client applications that access it. Content Platform Engine is packaged as a Java EE application, deployed on one or more Java EE application server instances. The key components of this application are:

  • The Content Platform Engine Web Service listener. This listener is packaged as a servlet-based application that resides in the Web container of the application server. The listener implements the Content Platform Engine Web service and supports FileNet P8 Web service clients. The listener exposes the full functionality of the Content Platform Engine server through a standard Web services API. Requests that arrive at this Web service are authenticated based on the credentials in their WS-Security headers, and then passed on to the Content Platform Engine EJB layer.
  • The Process Engine Web Service listener. This listener is packaged as a servlet-based application that resides in the Web container of the application server. The listener implements the Process Engine Web Services API and supports FileNet P8 Web service clients. The listener exposes a subset of functionality that is in the Process Engine Java API. Requests that arrive at this Web service are authenticated based on the credentials in their WS-Security headers, and then passed on to the Process Engine EJB layer.
  • The Content Platform Engine EJBs. These Java EE session beans reside in the EJB tier of the application server and implement the same Web services API as the Content Platform Engine Web Service, exposing them through an Enterprise Java Bean interface, rather than a Web services interface. All clients of this EJB layer must perform a JAAS login prior to sending a request to one of the EJBs.
  • The JAVA API. Process Engine applications can have a JAVA and a WSDL to a Process Engine Web Services API for use in their own web services client framework.
  • The core content management logic resides in the resource adapter tier of the application server.
  • The Process Engine EJBs are EJB 3 which reside in the EJB tier of the application server. A Process Engine client application can use the same Java API to connect to Process Engine via EJB or HTTP. The HTTP transport however only accepts Username/Password as the main authentication mechanism.

The Web Service Listener and EJB layers are referred to as the two transport layers of Content Platform Engine. All client requests enter Content Platform Engine through one of these two transport layers, which include the previously separate Process Engine listener layer and EJB layers. The Process Engine EJB layer includes a number of EJB 3 for the Process Engine API and other supporting components, such as Case Analyzer.

Content Platform Engine and some types of client applications.



Last updated: March 2016
p8psn039.htm

© Copyright IBM Corporation 2016.