Welcome to the jGuard's wiki » jGuard Documentation » Authentication schemes

Authentication schemes

Last modified by JeromeVelociter on 2010/12/08 22:07

Authentication schemes

all the succeeding authorization schemes are involved in an http transaction between the server (i.e your application server like tomcat, jBoss, OC4J,jetty and so on...), and the client (i.e your browser).

Authentication schemes are defined as the mechanisms used to transmit credentials from the user (browser for webapps) to the server (credentials are used later on the server to authenticate the user).

to configure your authentication schemes, you DON'T have to configure your application server to use them (especially, you DON'T have to configure the <login-config> markup in the web.xml, and its related <auth-method> and <realm-name> markup).

jGuard replace the specific mechanisms used in your application server, to grab credentials and compute them to authenticate the user.

FORM authentication

since its inception, jGuard support the FORM authentication scheme. credentials are sent from the browser to the application server through an html form. some special URIs are involved in this authentication scheme:

  • logonURI
this URI is used to access to the page which contains the form used to authenticate. this URI is granted to ALL users.
  • logonProcessURI
this URI is used to send to the server the credentials to authenticate. this URI is granted to ALL users.

to use the FORM Authentication scheme, you have to configure the jGuardConfiguration.xml file with this markup:

<authScheme>FORM</authScheme>

BASIC authentication

since the 0.70 release, jGuard support BASIC authentication. some special URIs are involved in this authentication scheme:

  • logonProcessURI
this URI is used to send to the server the credentials to authenticate. this URI is granted to ALL users.

to use the BASIC Authentication scheme, you have to configure the jGuardConfiguration.xml file with this markup:

<authScheme>BASIC</authScheme>

Digest Authentication

this authentication scheme is not yet supported.

a feature request has been posted on the sourceforge system.

CLIENT_CERT authentication

since the 0.70 release, jGuard support CLIENT_CERT authentication.

to use the CLIENT_CERT Authentication scheme, you have to configure the jGuardConfiguration.xml file with this markup:

<authScheme>CLIENT-CERT</authScheme>

jGuard use its own mechanisms incolved in authentication schemes. but it uses the SSL mechanism provided by the application server, in the case of CLIENT-CERT authentication. so, you have to configure your web.xml file with this markup:

<security-constraint>
    	<web-resource-collection>
      		<web-resource-name>all the webapp</web-resource-name>
		    <description></description>
      		<url-pattern>/*</url-pattern>
    	</web-resource-collection>
    	<user-data-constraint>
      		<description>This part requires SSL</description>
      		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
    	</user-data-constraint>
  </security-constraint>
Tags:
Created by diabolo512 on 2006/02/09 14:37

jGuard team copyright 2004-2009
3.1.1