To understand the basic workflow of security in the Liberty
profile, some common security terms are detailed along with an example.
Security key terms
- Authentication
- Authentication confirms the identity of a user. The most common
form of authentication is user name and password, such as through
basic authentication or form login for web applications. When a user
is authenticated, the source of a request is represented as a Subject object
at run time.
- Authorization
- Authorization determines whether an authenticated subject is permitted
to access a given resource within the system. The Java™ EE
model uses subjects, roles, and role mappings to determine if access
is allowed: the resource is restricted to one or more roles, and the
subject is allowed through only if it is mapped to one of them.
- Role
- A role is a named set of permissions defined within the Java EE
application. Some roles, such as the Administrator role, are predefined
by the system. Other roles are defined by the application developer.
In Java EE, subjects are granted or denied access to a resource based
on the roles they are mapped to; a role typically corresponds to a job
function that a user performs within the application, such as testing.
- Subject
- A subject is both a general term and a Java object: javax.security.auth.Subject.
Generally, the term subject means active entities within the system,
such as users on the system, and even the system process itself.
Security workflow example
The following example demonstrates how security is applied when a user
requests access to a protected resource. A user Bob wants to access a
servlet myWebApp. See the code samples in Getting started with security
in the Liberty profile.
To access the servlet myWebApp, both of the following conditions must
be true:
- Bob must be able to log in to the system (authentication), because
the servlet is protected.
- Bob must be in the testing role (authorization), because access to
the servlet is restricted to that role by an auth-constraint element
in the deployment descriptor.
If Bob cannot log in to the system, or Bob is not in the testing role,
then access to the servlet myWebApp is denied. Another user, Alice,
can log in to the system because Alice is a valid user in the registry.
But Alice is not in the testing role, so authentication succeeds while
authorization fails: when Alice requests the servlet after logging in,
the server returns an HTTP 403 error (Access Denied/Forbidden). A user
who is not in the registry, or who supplies a wrong password, fails at
the earlier authentication step and never reaches the role check.
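The configuration below is an added example of the two-step workflow described above; it is not the sample from the original page or from the Liberty documentation. The file names, the application name myWebApp.war, the servlet class com.example.MyWebAppServlet, the URL pattern /myWebApp and the passwords are all assumptions chosen for illustration. The first part is the Liberty server.xml, which supplies authentication (the user registry) and authorization (the role mapping); the second is the application's WEB-INF/web.xml, which protects the servlet with an auth-constraint on the testing role.

```xml
<!-- server.xml (assumed file name and values; added example, not the page's own sample) -->
<server description="Liberty security workflow example">
    <featureManager>
        <feature>servlet-3.0</feature>
        <feature>appSecurity-2.0</feature>
    </featureManager>

    <!-- Authentication: the registry that credentials are checked against.
         Passwords are plain text only for illustration; encode them with
         the securityUtility encode command in a real configuration. -->
    <basicRegistry id="basic" realm="BasicRealm">
        <user name="Bob" password="bobpwd" />
        <user name="Alice" password="alicepwd" />
    </basicRegistry>

    <!-- Authorization: map the application's "testing" role to subjects.
         Bob is mapped; Alice deliberately is not, so she gets HTTP 403. -->
    <application id="myWebApp" name="myWebApp" location="myWebApp.war" type="war">
        <application-bnd>
            <security-role name="testing">
                <user name="Bob" />
            </security-role>
        </application-bnd>
    </application>
</server>

<!-- WEB-INF/web.xml of myWebApp (assumed servlet class and URL pattern) -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
    <servlet>
        <servlet-name>myWebApp</servlet-name>
        <servlet-class>com.example.MyWebAppServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>myWebApp</servlet-name>
        <url-pattern>/myWebApp</url-pattern>
    </servlet-mapping>

    <!-- Protect the servlet: only subjects in the "testing" role may reach it.
         No http-method is listed, so the constraint covers every method. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>myWebApp</web-resource-name>
            <url-pattern>/myWebApp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>testing</role-name>
        </auth-constraint>
        <!-- Basic authentication sends the password base64-encoded, not
             encrypted, so require HTTPS for this resource. -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Authentication method: HTTP basic authentication against BasicRealm -->
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>BasicRealm</realm-name>
    </login-config>

    <!-- Declare the role the auth-constraint refers to -->
    <security-role>
        <role-name>testing</role-name>
    </security-role>
</web-app>
```

With this configuration, a request for /myWebApp with Bob's credentials reaches the servlet; the same request with Alice's credentials authenticates but is rejected with HTTP 403 because the role mapping does not include her; a request with a wrong password or an unknown user receives an HTTP 401 challenge and is never evaluated against the role. Two checks are worth making when reviewing such a descriptor: an auth-constraint element that lists no role-name denies everyone, while a security-constraint with no auth-constraint at all performs no authorization check, so the servlet is open to any caller. The CONFIDENTIAL transport guarantee requires an HTTPS endpoint to be configured on the server.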