Thursday Jan 29, 2009

Adding Pluggable Authentication to all Servlet 3.0 Containers

Do you have an opinion as to whether Compatible Servlet 3.0 containers should be required to support the Servlet Container Profile of JSR 196? Support for the profile would ensure common integration of portable authentication mechanism implementations with the security-constraint processing machinery of any compatible Servlet container.[Read More]

Tuesday Jan 06, 2009

Defining Security Constraints on Content under Glassfish Docroot

This entry describes how to define security constraints on content served by the default web module. [Read More]

Tuesday Aug 19, 2008

Servlet security constraints - summary and recommendations

This entry describes the Servlet security constraint model and offers some recommendations intended to help ensure that your application is protected as you intend it to be. Thanks to Jeff Williams of Aspect security for making me aware of common practice, and for his suggestions for simplifying the Servlet constraint model.[Read More]

Tuesday Jan 22, 2008

Pluggable Authentication in the Glassfish Web Tier

You can inject a new network authentication mechanism in the Glassfish Servlet container by:
  • implementing a JSR 196 server authentication module (i.e., a SAM), and
  • configuring the SAM as a message-security-provider via the Glassfish admin console, and
  • binding the SAM for use by your application via sun-web.xml.

A SAM differs from a custom realm in that the SAM can control the HTTP authentication dialog, while a realm is typically used by a system controlling the dialog (such as a SAM) to validate or augment credentials extracted from the exchanged messages. JSR 196 is also used by (and available within) the client and server-side web service pipelines of the Glassfish METRO stack.[Read More]

About

monzillo

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today