In this version of EP, a Common Security Infrastructure (CSI) realm works together with a security provider, either PortalDB or LDAP, to support authentication and authorization. The CSI realm is a component that plugs in to either a Tomcat 4.1 Web application container or an EAServer 5.1 application server. To support authentication and authorization, the PortalDB provider uses the Enterprise Portal database portaldatabase; the LDAP provider uses an LDAP server.
A CSI realm is an abstract interface to security information such as user names, passwords, and role membership. When a user logs in to Enterprise Portal, the user’s name and password are verified against the data server, and if valid, role information is retrieved to provide Tomcat or EAServer with a list of the user’s roles.
To use a combination of components other than Tomcat and the PortalDB security provider:
If your system components are |
Perform these steps |
|---|---|
Tomcat and the LDAP provider |
|
EAServer and the PortalDB provider |
|
EAServer and the LDAP provider |
You can also use both security providers at the same time. If your system is configured to use both the LDAP provider and the PortalDB provider, a user’s name and password are first passed to the LDAP provider for authentication, then they are passed to the PortalDB provider. If authentication succeeds with either provider, the user is authenticated. If the user cannot be authenticated with either the LDAP or PortalDB provider, the user is not authenticated. Similarly, when performing authorization role checks, both providers are queried to see whether either of them grants the specified role to the user.
For development, you may want to use the preconfigured
PortalDB provider, as it can simplify debugging.
| Copyright © 2004. Sybase Inc. All rights reserved. |
|
|
