This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Security and the fly likes What is the authenticated entity in a web app? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "What is the authenticated entity in a web app? " Watch "What is the authenticated entity in a web app? " New topic
Author

What is the authenticated entity in a web app?

Chulwoo Choi
Ranch Hand

Joined: Apr 11, 2005
Posts: 65
Hello,

This is a rudimentary question but I�m not sure what the authenticated entity is in a web app. Is it the session or the object in which JAAS authentication occurred??

For example, consider a user who wants to access a secured EJB though a web application. A user would login in the JSF login page and the backing bean will authenticate the user using the JAAS API.
In this case, is the user considered authenticated as long as the session is alive?? Or is it only the backing bean object that can access the secured area??

Thanks for help in advance.
Chulwoo
 
 
subject: What is the authenticated entity in a web app?
 
Similar Threads
FORM based JAAS authentication. LoginHandler needs more info.
Using default JAAS Mechanism in Websphere makes applications to access the context path of the other
Rudimentary question about JAAS authenticated entity
Excluding existing code from custom JAAS login module
JSF Login problem