AccessMyLibrary provides FREE access to millions of articles from top publications available through your library.

Index of articles > Business > Computers and Office Automation Industries publications > WebSphere Developer's Journal articles > February 2003 articles
Close

Create a link to this page

Copy and paste this link tag into your Web page or blog:

<a href="http://www.accessmylibrary.com/article-1G1-103192557/ltpa-custom-user-registry.html" title="Facts and information about An LTPA custom user registry: helping to glue together the enterprise. (Security).">An LTPA custom user registry: helping to glue together the enterprise. (Security).</a>
Close Set up an RSS feed that alerts you when new articles from WebSphere Developer's Journal are available.
XML Add to My Yahoo! Add to My AOL Add to Google Subscribe in NewsGator
Frequently asked questions about RSS feeds

An LTPA custom user registry: helping to glue together the enterprise. (Security).

WebSphere Developer's Journal

| February 01, 2003 | Heijmans, Marcel | (Hide copyright information)Copyright

A three-letter acronym seen a lot recently is EAI (Enterprise Application Integration). EAI deals with the question of how to create a coherent enterprise system infrastructure within a heterogeneous application environment. One of the effects of mergers and the lack of standards for system integrators is the enormous amount of work it generates to glue all the parts of merging enterprises together. The major challenge is to do this in a logical manner while avoiding inconsistencies.

The aspect of EAI that I want to focus on is security; specifically the authentication and authorization of users. The J2EE platform requires user information in order to authenticate a user or group of users and to authorize access to a J2EE component or a Web resource. However, there is no consensus on where or how to store employee or customer information. Databases, LDAP (Lightweight Directory Access Protocol), or even the operating file system are used to store user information.

The WebSphere Security Center

The WebSphere Application Server Administrator's Console supports several user information registries for authentication purposes. Local registries are limited to a single application server. Centralized registries use the LTPA protocol to access a supported LDAP service. Customer-defined registries or pluggable registries use the WebSphere Custom Registry interface that facilitates access to a custom user registry. After enabling security in the WebSphere Security Center, WebSphere uses the local registry (operating system) by default to authenticate users. Although LDAP is becoming one of the major user repositories, there are still many companies that store user information in a database. I am not going to enter the LDAP versus database debate here. I will confine myself to stating that both have their strengths and weaknesses in particular uses.

LTPA

If neither the OS or the LDAP authentication is applicable for the target platform, WebSphere provides a third, more generic authentication mechanism, called Lightweight Third Party Authentication (LTPA) or do-it-yourself authentication. Another great excuse for developers to take legal advantage of the Not Invented Here syndrome, LTPA offers the possibility to use a nonstandard or a legacy solution that is not natively supported by WebSphere as a custom user registry for authentication purposes. A database, for instance, is …

View articles courtesy of your local library
Related articles from newspapers, magazines, journals, and more
©2013 Gale, a part of Cengage Learning. All rights reserved. Contact us | Privacy policy | Terms and conditions

The AccessMyLibrary advertising network includes: womensforum.com GlamFamily