It is very common to enable SSL with server authentication only, because the SSL specification requires it. However, it is less common to activate client authentication, as it is optional. Enabling SSL is a server-dependent process. I first give a rough overview of this process step by step and then explain each […]
Category: Security
Delegating Authentication to JAAS Module in Acegi Security
We are currently using Acegi Security in our web project. At the moment we employ its form-based authentication. In the future, we have to integrate our web application with an environment in which a JAAS-based single sign-on mechanism will be used for authentication. For now, as a first step, we tried to […]
Enabling Acegi (1)
We have decided to use the Acegi Security Framework to implement the security requirements in our web-based project, but we might have diverse security requirements in addition to form-based authentication and role-based authorization, such as remoting support, domain object security, run-as capability, SSO, after-invocation security, certificate-based authentication which is integrated […]
Why to use absolute paths to reference resources in login and error web pages
I think it is a well-known practice to use absolute names to access resources in login and global error pages, but the reason behind it might not be so clear for some of us. The Servlet specification states that when a protected resource is accessed, the request should first be directed to the login page unless the user is […]