Authentication and Authorization

In the sample application, each expense report has an owner; the actions a user can perform on a specific report depend on whether she owns it, and on whether she is a manager or a regular employee. To implement these requirements, we need a way to identify application users and to tell what type of user each one is.

The process of identifying users is called authentication. To access the application, the user has to provide personal information that only a real, registered user would know. The application verifies that information, e.g., by comparing it to the information held in a registry of known users. If the information is authentic, the application recognizes the user as a specific person. Once the application knows who the user is, it can use this knowledge to decide what that person is allowed to do; this second step is called authorization.
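As an added illustration of the two steps (not code from the book or its sample application), here is plain Java that first authenticates a caller against a registry and only then asks what she may do with a report. The registry contents, the salted SHA-256 password scheme, and the concrete rules (owner edits, manager approves, either views) are assumptions made for this example; they are not the sample application's.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class ExpenseAuthDemo {
    enum Role { EMPLOYEE, MANAGER }
    record User(String name, Role role, byte[] salt, byte[] passwordHash) {}
    record ExpenseReport(String id, String ownerName) {}
    // Registry of known users, constructed in memory for this example only.
    static final Map<String, User> REGISTRY = new HashMap<>();

    // Salted SHA-256 stands in for whatever the real registry stores; never keep plaintext.
    static byte[] hash(byte[] salt, String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }
    static void register(String name, Role role, String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        REGISTRY.put(name, new User(name, role, salt, hash(salt, password)));
    }

    // Authentication: establish who the caller is; empty means "nobody we know".
    static Optional<User> authenticate(String name, String password) throws Exception {
        User u = REGISTRY.get(name);
        if (u == null) return Optional.empty();
        // Constant-time comparison so a wrong guess takes as long as a right one.
        boolean ok = MessageDigest.isEqual(hash(u.salt(), password), u.passwordHash());
        return ok ? Optional.of(u) : Optional.empty();
    }

    // Authorization: decide what the already-identified user may do with a report.
    // Assumed rules: the owner may edit, a manager may approve, either may view.
    static boolean canView(User u, ExpenseReport r)    { return isOwner(u, r) || u.role() == Role.MANAGER; }
    static boolean canEdit(User u, ExpenseReport r)    { return isOwner(u, r); }
    static boolean canApprove(User u, ExpenseReport r) { return u.role() == Role.MANAGER; }
    private static boolean isOwner(User u, ExpenseReport r) { return r.ownerName().equals(u.name()); }

    public static void main(String[] args) throws Exception {
        register("alice", Role.EMPLOYEE, "correct horse");   // constructed sample users
        register("bob", Role.MANAGER, "battery staple");
        ExpenseReport report = new ExpenseReport("ER-1", "alice");
        System.out.println("wrong password authenticated? " + authenticate("alice", "wrong").isPresent());
        User alice = authenticate("alice", "correct horse").orElseThrow();
        User bob = authenticate("bob", "battery staple").orElseThrow();
        System.out.println("alice: edit=" + canEdit(alice, report) + " approve=" + canApprove(alice, report));
        System.out.println("bob:   edit=" + canEdit(bob, report) + " approve=" + canApprove(bob, report));
    }
}
```

Note that every authorization method takes a `User` that only `authenticate` can produce, so a request that fails authentication never reaches the permission checks. Requires Java 16 or later for records.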
