Securing a WebStack Application

Making sure that Web applications are "secure" involves many different aspects of application design, deployment and administration. This guide currently only covers the usage of the authentication features of the WebStack API.

Authentication in WebStack

There are two principal methods of introducing authentication and applying access control to WebStack applications:

  • Application-Wide Authenticators
  • LoginRedirect and Login Modules

Here is a comparison of the features of these mechanisms:

Deployment
  Application-Wide Authenticators
    • Some Web server configuration required.
    • The application only requires an additional object to be instantiated to support authentication.
  LoginRedirect and Login Modules
    • An additional login application or resource must be deployed.

Flexibility
  Application-Wide Authenticators
    • The user experience may seem too inflexible or unfriendly - users may only get the login dialogue.
    • There is also probably no logout function, since it requires browser support.
    • HTTP-style authentication is well understood and supported when automating client access.
  LoginRedirect and Login Modules
    • The login and logout activities can be customised to suit the appearance of the rest of the application.
    • Many applications can share the same login application, providing a "single sign-on" experience and potentially reduced administrative overhead.