posted 18 years ago
William,
As a mandatory requirement... all J2EE Application Server vendors are required to provide support for Container-based security that includes several authentication mechanisms... such as HTTP BASIC, FORM-BASED, MUTUAL (Client-certificate), HTTP Digest. These are standard authentication services and it is the vendor's responsibility to make them available as a J2EE service. It is the developer's responsibility to incorporate the mechanisms in J2EE apps... "Declaratively" using your deployment descriptors. In case of FORM-BASED you need to create a Login Page.
For custom authentication... the standards approach is using JAAS.
Refer to Chapter 5 of our book...to know more about the mechanisms, how and when to implement them.
/Ramesh
[ January 11, 2006: Message edited by: Ramesh Nagappan ]
Ramesh Nagappan CISSP
Co-Author of "Core Security Patterns"
nramesh@post.harvard.edu
www.coresecuritypatterns.com
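A declarative FORM-based setup of the kind the post describes, as an added example that is not from the post or the book. The role name `app-user`, the `/secure/*` URL pattern and the `/login.jsp` and `/login-error.jsp` paths are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml (Servlet 2.4 / J2EE 1.4 deployment descriptor) -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <!-- Which resources are protected, and which role may reach them. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>   <!-- assumed path -->
      <!-- No http-method elements: the constraint covers every HTTP method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>app-user</role-name>        <!-- assumed role name -->
    </auth-constraint>
    <!-- FORM (like BASIC) sends the password in the request body,
         so require the container to enforce a protected transport. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- One auth-method per web application:
       BASIC, DIGEST, FORM or CLIENT-CERT. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- The login page the developer supplies. Its form must POST the
           fields j_username and j_password to the action j_security_check;
           the container, not application code, handles that request. -->
      <form-login-page>/login.jsp</form-login-page>        <!-- assumed -->
      <form-error-page>/login-error.jsp</form-error-page>  <!-- assumed -->
    </form-login-config>
  </login-config>

  <!-- Every role referenced above must be declared; mapping it to real
       users or groups is done in the vendor-specific descriptor or realm. -->
  <security-role>
    <role-name>app-user</role-name>
  </security-role>
</web-app>
```

The login and error pages should sit outside the protected URL pattern so the container can serve them to unauthenticated users.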