Java EE Security API Introduction
The Java EE Security API specification defines portable, plug-in interfaces for HTTP authentication and identity stores, and an injectable SecurityContext interface that provides an API for programmatic security.
- Implementations of the HttpAuthenticationMechanism interface can be used to authenticate callers of web applications. An application can supply its own HttpAuthenticationMechanism, or use one of the default implementations provided by the container.
- Implementations of the IdentityStore interface can be used to validate user credentials and retrieve group information. An application can provide its own IdentityStore, or use the built-in LDAP or Database store.
The HttpAuthenticationMechanism and IdentityStore APIs provide an advantage over container-provided implementations in that they allow an application to control the authentication process, and the identity stores used for authentication, in a standard, portable way.
The SecurityContext API is intended for use by application code to query and interact with the current security context. The specification also provides for default group-to-role mapping, and defines a principal type called CallerPrincipal that can represent the identity of an application caller.
Description of the Example
This example demonstrates how you can configure a DatabaseIdentityStore to point to a backend database and then use it as an IdentityStore. In this example, the following users are defined, along with the groups they are in.
User | Password | Group
Joe  | secret1  | foo, bar
Sam  | secret2  | foo, bar
Tom  | secret2  | foo
Sue  | secret2  | foo
When a request is made to the application with certain credentials, the authentication mechanism bundled with this application comes into effect and authentication is performed against the DatabaseIdentityStore as defined in the application.
After authentication, the application also verifies the roles the caller is in and sends the details as part of the response.
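The following is an added configuration example, not the tutorial's own sources, showing how the pieces described above fit together: a DatabaseIdentityStoreDefinition pointing at a backend database, the container's BASIC HttpAuthenticationMechanism in front of it, and a servlet that reports the caller's name and roles through SecurityContext. The data source JNDI name, the table and column names, and the PBKDF2 parameters are assumptions.

```java
// Added example (not from the tutorial). Assumes a DataSource at java:global/ExampleDataSource and a
// CALLER(NAME, PWD) / CALLER_GROUPS(CALLER_NAME, GROUP_NAME) schema; PWD holds PBKDF2 hashes, never plaintext.
import java.io.IOException;
import javax.annotation.security.DeclareRoles;
import javax.inject.Inject;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Container-provided HTTP BASIC mechanism; realmName is only the label sent in the challenge.
@BasicAuthenticationMechanismDefinition(realmName = "example-realm")
// Built-in DatabaseIdentityStore: the container runs callerQuery, verifies the submitted password
// against the stored hash with the configured PasswordHash, then runs groupsQuery for the groups.
@DatabaseIdentityStoreDefinition(
    dataSourceLookup = "java:global/ExampleDataSource",
    callerQuery = "SELECT PWD FROM CALLER WHERE NAME = ?",
    groupsQuery = "SELECT GROUP_NAME FROM CALLER_GROUPS WHERE CALLER_NAME = ?",
    hashAlgorithm = Pbkdf2PasswordHash.class,
    hashAlgorithmParameters = {
        "Pbkdf2PasswordHash.Iterations=3072",
        "Pbkdf2PasswordHash.Algorithm=PBKDF2WithHmacSHA512"
    })
@DeclareRoles({ "foo", "bar" })
// Default group-to-role mapping: a caller in group "foo" satisfies role "foo".
@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
@WebServlet("/servlet")
public class ExampleServlet extends HttpServlet {

    @Inject
    private SecurityContext securityContext;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/plain");
        // Report who the container authenticated and which of the declared roles the caller holds.
        String name = securityContext.getCallerPrincipal().getName();
        response.getWriter().printf("caller=%s foo=%b bar=%b%n", name,
            securityContext.isCallerInRole("foo"), securityContext.isCallerInRole("bar"));
    }
}
```

With the users from the table above, Joe authenticating over BASIC would see both roles reported as true, while Tom would see foo=true and bar=false; a caller outside group foo is rejected by the HttpConstraint before doGet runs.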
Use This Example
Access Built-in-db-identity-store