5.1.2: The WebSphere authentication model
Authentication is the process of determining if a user is who the user claims to be. WebSphere Application Server authenticates users by using one of several authentication mechanisms. For example, it can challenge users to provide a password, or it can require them to provide a digital certificate.
Available authentication procedures include the following:
- No authentication
  If no authentication is used, users are not required to prove their identities.
- Basic authentication
  Basic authentication is a familiar form of authentication, in which the security service requests an identifier and password combination from a user when the user attempts to access a resource. After a user provides an identifier and password, the security service validates them against a database of known users, which can take the form of a simple registry or a distributed directory service. If the user-provided information is valid, the security system considers the user authenticated.
- Digital certificates
  Instead of requiring identifier-and-password combinations from users, an application can require users to present digital certificates, which act as electronic identification cards. The security service examines the information in the certificate to authenticate the user.
- The form-based login challenge
  Instead of using identifier-and-password combinations or digital certificates, application designers can write custom challenges for applications. The authentication procedure in a custom challenge can take any form the application developers can implement.