Configuring Authentication 
Use
You configure login
modules for your Web application in order to determine the mechanism that will
be used to authenticate an application’s users. You can choose from the
standard login modules such as BASIC, DIGEST, FORM, and CLIENT-CERT, or use a custom login module. For more
information about setting up the custom login modules, see 
Authentication on the
J2EE Engine in the Administration Manual.
In addition, you can associate the application with a security policy domain that affects the local single sign-on (SSO) capabilities.
You configure login modules in both web.xml and web-j2ee-engine.xml descriptors.
Procedure
On the web.xml screen, proceed as follows:
...
1. Open the General screen.
2. Choose the authorization mechanism you want to use from the Authentication method drop-down list. The possible values are BASIC, DIGEST, FORM and CLIENT-CERT. For information about the different methods, see the JavaÔ Servlet 2.3 Specification at http://java.sun.com.
3. If you chose the BASIC authentication scheme in the previous step, specify an authentication realm in the Realm name field. This string is then entered in the Realm field of the logon screen that the browser displays.
4. If you have chosen FORM based authentication, you must also specify the location of the resource (HTML page, or servlet or JSP page) that provides the login page and the page that responds to a failed authentication attempt. To do this, choose Form login configuration and then enter the locations of the pages in the Form login page and Error login page fields, respectively.
You perform the next configuration steps on the web-j2ee-engine.xml screen:
5. Open the Security screen.
6. Select login configuration. You can make the following settings:
¡ Enter a security policy domain, to which the application is associated, in the Security policy domain field. This field accepts string values. If you use hierarchical policy domains, you must separate the strings with a backslash. For example, a value of /A/B means that this application is associated with domain /A/B that is included in the root domain /A. This configuration affects the applications SSO behavior.
For more information about the single sign-on environment on the J2EE Engine, see Single Sign-on for J2EE Web Applications.
¡ Force password change after a successful authentication to the application. To do this, you must provide the resources that provide the pages that display the login form or process the cases of failed password change. You must enter the location of those resources in the Login page and the Error page fields in the Password change configuration pane, respectively.
For more information about password change behavior on the J2EE Engine, see Changing the User Password.
¡
Configure a custom
login module that will be used for user authentication. To do this, choose
Add to add a new login module. Then enter the name
of the login module in the Name field. The value
of the field can either be the fully qualified Java class name of the class
that implements the login module, or the name that it is registered with in
the user store. Choose the priority flag for that module from the Priority drop-down list. The possible values are optional, required, requisite and sufficient. For more
information about the semantics of those values, see Managing Login
Modules in the Administration Manual.
In order to configure and use a custom login module in your Web application, you must have first registered it in the J2EE Engine user store.
See also: