A three-letter acronym seen a lot recently is EAI (Enterprise Application Integration). EAI deals with the question of how to create a coherent enterprise system infrastructure within a heterogeneous application environment. One of the effects of mergers and the lack of standards for system integrators is the enormous amount of work it generates to glue all the parts of merging enterprises together. The major challenge is to do this in a logical manner while avoiding inconsistencies.
The aspect of EAI that I want to focus on is security, specifically the authentication and authorization of users. The J2EE platform requires user information in order to authenticate a user or group of users and to authorize access to a J2EE component or a Web resource. However, there is no consensus on where or how to store employee or customer information. Databases, LDAP (Lightweight Directory Access Protocol), or even the operating file system are used to store user information.
The WebSphere Security Center
The WebSphere Application Server Administrator's Console supports several user information registries for authentication purposes. Local registries are limited to a single application server. Centralized registries use the LTPA protocol to access a supported LDAP service. Customer-defined registries or pluggable registries use the WebSphere Custom Registry interface that facilitates access to a custom user registry. After enabling security in the WebSphere Security Center, WebSphere uses the local registry (operating system) by default to authenticate users. Although LDAP is becoming one of the major user repositories, there are still many companies that store user information in a database. I am not going to enter the LDAP versus database debate here. I will confine myself to stating that both have their strengths and weaknesses in particular uses.
If neither the OS nor the LDAP authentication is applicable for the target platform, WebSphere provides a third, more generic authentication mechanism, called Lightweight Third Party Authentication (LTPA) or do-it-yourself authentication. Another great excuse for developers to take legal advantage of the Not Invented Here syndrome, LTPA offers the possibility to use a nonstandard or a legacy solution that is not natively supported by WebSphere as a custom user registry for authentication purposes. A database, for instance, is …