Advanced authentication in WebSphere

In the past, IBM WebSphere Application Server had a rigid authentication model that made it challenging to support complex or unusual requirements. This situation was recently addressed with a new, highly customizable authentication framework based upon Java Authentication and Authorization Service (JAAS), extended with features that specifically address the requirements of managing user authenticity and privileges in a distributed application server environment.

This new framework defined for JAAS support in WebSphere Application Server includes:

    * well-defined interfaces for altering the user subject
    * enhanced Trusted Association Interceptor (TAI) support
    * explicit documentation for the WebSphere Application Server login process
    * the ability to assert complete user credentials to WebSphere Application Server (including group information)
    * replication of subjects in a distributed environment

plus a number of beneficial extensions to the security programming model.

This article will describe these new features in detail. The next sections provide some background on the fundamentals of the WebSphere Application Server authentication process and an overview of JAAS, then the remainder of the article will describe the most important aspects of these features as they relate to authentication.

For more details, please visit the url below:
http://www.ibm.com/developerworks/websphere/techjournal/0508_benantar/0508_benantar.html