The application server can be configured to use a third-party product to provide authentication services, while continuing to perform authorisation. These products are often referred to as reverse proxy servers. To delegate the role of authentication to a reverse proxy, two conditions must be met.
The reverse proxy must provide a Trust Association Interceptor, which WebSphere will use to receive requests from the reverse proxy server.
A trust association between WebSphere and the reverse proxy must be established.
In order to provide an interceptor, the com.ibm.websphere.security.TrustAssociationInterceptor interface, which defines three methods, must be implemented.
public boolean isTargetInterceptor(HttpServletRequest) ...