
System and method to allow a global JASPI provider to handle all web authentication when using the Java specification JASPI 1.0
Disclosure Number: IPCOM000207641D
Publication Date: 2011-Jun-07
Document File: 2 page(s) / 38K

Publishing Venue

The Prior Art Database


The JASPI 1.0 specification gives the application server administrator the option to define a default global JASPI provider, which performs authentication for all web modules when JASPI authentication is enabled and no JASPI provider mapping is established. WebSphere Application Server v8 extends this specification by allowing the application server administrator to force the default global JASPI provider to be used for all JASPI authentication decisions, thus overriding any other JASPI provider mappings to applications or web modules.

This is the abbreviated version, containing approximately 52% of the total text.


System and method to allow a global JASPI provider to handle all web authentication when using the Java specification JASPI 1.0

Java EE* 6 standards define the notion of a third-party security provider that handles Java platform authentication for web-based HTTP requests. Specifically, the Java EE 6 standards include the new Java Authentication SPI (JASPI) for Containers 1.0 specification to handle authentication requests on behalf of a web-based application. The JASPI specification extends the pluggable authentication concept of the Java Authentication and Authorization Service (JAAS) to handle the authentication of HTTP request and response messages. When application security is enabled and a protected web resource is accessed, the web container and the security run-time collaborate to make an authentication decision for the caller. When using a third-party JASPI provider, the authentication decision is delegated to that provider.

The JASPI specification defines standard system programming interfaces that enable developers to write a pluggable custom authentication provider that can handle Java EE web authentication. The WebSphere Application Server** runtime uses these interfaces to invoke the JASPI authentication provider.

JASPI is a powerful interface for customers who have very specific authentication requirements. It allows customers to develop their own implementation and make it available at the web container level, so that their JASPI provider handles the authentication decision on behalf of all their web-based applications. Security does not need to be baked into every web-based application, which affords tremendous development time savings and establishes authentication consistency.

This article addresses how WebSphere Application Server v8 has extended the JASPI specification to give the application server administrator total control over the JASPI providers used to handle the web requests and responses dest...
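The following is an added example, not code from the disclosure or from WebSphere: a plain-Java model of provider selection that applies the JASPI 1.0 lookup precedence (exact layer and application context, then application context only, then layer only, then the default registered for all) and the administrator override described above. The flag name `forceGlobalProvider`, the provider names and the application contexts are assumptions constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

/** Simplified model of JASPI provider selection; not WebSphere's implementation. */
public class ProviderSelection {
    // Registrations keyed by "layer|appContext"; null (meaning "all") is stored as "*".
    private final Map<String, String> registrations = new HashMap<>();
    // Hypothetical name for the administrator override the disclosure describes.
    private boolean forceGlobalProvider = false;

    private static String key(String layer, String appContext) {
        return (layer == null ? "*" : layer) + "|" + (appContext == null ? "*" : appContext);
    }

    public void register(String provider, String layer, String appContext) {
        registrations.put(key(layer, appContext), provider);
    }

    public void setForceGlobalProvider(boolean force) { forceGlobalProvider = force; }

    /** Returns the provider name, or null when no JASPI provider applies. */
    public String select(String layer, String appContext) {
        String global = registrations.get(key(null, null));
        // Assumption: the override only takes effect when a global provider exists.
        if (forceGlobalProvider && global != null) {
            return global; // every application or web module mapping is ignored
        }
        // JASPI 1.0 precedence, most specific registration first.
        String[] candidates = {
            key(layer, appContext), key(null, appContext), key(layer, null), key(null, null)
        };
        for (String k : candidates) {
            String provider = registrations.get(k);
            if (provider != null) return provider;
        }
        return null;
    }

    public static void main(String[] args) {
        ProviderSelection s = new ProviderSelection();
        s.register("GlobalProvider", null, null);                         // default global provider
        s.register("PayrollProvider", "HttpServlet", "server1 /payroll"); // per-module mapping
        System.out.println(s.select("HttpServlet", "server1 /payroll"));  // mapped module
        System.out.println(s.select("HttpServlet", "server1 /wiki"));     // unmapped module
        s.setForceGlobalProvider(true);
        System.out.println(s.select("HttpServlet", "server1 /payroll"));  // override active
    }
}
```

With the override on, a per-module mapping can no longer route a web module's authentication away from the administrator's chosen provider, which is the control the disclosure attributes to WebSphere Application Server v8.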