InfoCenter Home >
5: Securing applications -- special topics >
5.1: The WebSphere security components >
5.1.2: The WebSphere authentication model

5.1.2: The WebSphere authentication model

Authentication is the process of determining if a user is who the user claims to be. WebSphere Application Server authenticates users by using one of several authentication mechanisms. For example, it can challenge users to provide a password. Available authentication procedures include the following:

  • No authentication

    If no authentication is used, users are not required to prove their identities.

  • Basic authentication

    Basic authentication is a familiar form of authentication, in which the security service requests an identifier and password combination from a user when the user attempts to access a resource.

    After a user provides an identifier and password, the security service validates them against a database of known users , which can take the form of a simple registry or a distributed directory service. If the user-provided information is valid, the security system considers the user authenticated.

  • The form-based login challenge

    Instead of using identifier-and-password combinations or digital certificates, application designers can write custom challenges for applications. The authentication procedure in a custom challenge can take any form the application developers can implement.

Go to previous article: Security features Go to next article: Authorization model

 

 
Go to previous article: Security features Go to next article: Authorization model