User guide

ManualsBrandsRed Hat ManualsComputer equipmentNETSCAPE ENTERPRISE SERVER 6.0 - NSAPI PROGRAMMER GUIDE

241

242

243

244

245

246

247

248

249

250

Chapter 7: Developing Applications

7-2

Developing Java Applications

This section explains how to develop Java applications using the Java application interface (hereafter

referred to as "single sign-on JavaAPI") supported by Interstage single sign-on. The single sign-on

JavaAPI class library is contained in the business server function.

The single sign-on JavaAPI uses the Java(TM) Authentication and Authorization Service (hereafter

referred to as "JAAS") framework. Knowledge of JAAS application development is therefore required.

For details on Java application development using JAAS, refer to the JAAS documents provided by Sun

Microsystems, Inc.

To enable the use of JAAS authentication and JAAS authorization from a Java application, Interstage

single sign-on supports the JAAS functions listed in the table below. For the API specifications for

classes supported by the single sign-on JavaAPI (classes in packages under

"com.fujitsu.interstage.sso"), refer to the attached JavaDoc.

Table 7-1 Functions Supported by Interstage Single Sign-on

Packaged

Function

Explanation

Callback Class for transferring information to be used for JAAS authentication (user

ID/password or SSO authentication confirmation) to LoginModule

CallbackHandler Class for setting information to be used for JAAS authentication (user

ID/password or SSO authentication confirmation) in Callback. The application

creator can implement this class separately.

LoginModule Class with interface for JAAS authentication implemented

Credential Class for storing credentials information set when JAAS authentication is

successful

Principal Class indicating an actor (such as user and role) set when JAAS authentication

is successful

The following two types of Java applications can be developed using the single sign-on JavaAPI:

• Servlet application that receives authentication information from a client.

After SSO authentication in a client (Web browser), this application uses a servlet to receive

authentication success information (confirming successful execution of SSO authentication) from

the client. It then uses the received information to perform JAAS authentication and reference user

information.

• Java application that receives a user ID/password from a client to perform authentication.

This client-server type Java application uses a user ID/password to perform authentication. For

example, a servlet application set up in a business server receives a user ID/password entered

from a Web browser. The servlet application uses the received user ID/password to perform JAAS

authentication and reference user information. It is possible to develop such a servlet application.