Using WS-EAF

Each supported Java™ EE application server integrates JAAS into its security framework, but because the Java EE standard does not specify how to do this integration, each Java EE vendor has its own integration approach. This means that each Java EE application server has a special, unique way of doing a valid login, which is defined here as a JAAS login that is recognized by the rest of the vendor's Java EE framework. Not performing a JAAS login the valid way for that application server prevents the security identity from propagating to the Content Cortex EJB layer.

As an example, in Oracle WebLogic, the JAAS Subject has special validated principals that, by default, are digitally signed only by a WebLogic Authentication Provider, whereas IBM® WebSphere® software takes the approach of adding special WSPrincipals and WSCredentials objects that can be generated only by special WebSphere LoginModules.

The following subtopics provide more information that is specific to supported application servers.