InfoCenter Home >
5: Securing applications -- special topics >
5.1: The WebSphere security components >
5.1.2: The WebSphere authentication model
Authentication
is the process of determining if a user is who the user
claims to be. WebSphere Application Server authenticates users
by using one of several authentication mechanisms.
For example, it can challenge users to provide a password.
Available authentication procedures include the following:
- No authentication
If no authentication is used, users are not required to prove
their identities.
- Basic authentication
Basic authentication is a familiar
form of authentication, in which the security service
requests an identifier and password combination from a user when
the user attempts to access a resource.
After a user provides an identifier and password, the security service
validates them against a database of known users
, which can take the form of a simple registry or a distributed
directory service. If the user-provided information is valid, the
security system considers the user authenticated.
- The form-based login challenge
Instead of using identifier-and-password combinations or
digital certificates, application designers can write custom
challenges for applications. The authentication procedure in a
custom challenge can take any form the application developers
can implement.
|
|