Authentication for Uniface Web Applications
When developing a web application, you need to consider how to protect the web site from unauthorized access, virus attacks, information theft, and so on. The first line of defence is authentication.
Uniface enables you to use the BASIC authentication mechanism for access control, or other, more secure authentication methods provided by web servers. To implement more secure authentication and handle other aspects of web security, you can make use of technologies such as firewalls, Secure Sockets Layer, LDAP, and so on.
In many cases, an application requires authentication before it can be accessed by a user. There are a number of approaches to implement user authentication, such as LDAP, BASIC authentication, and so on. You can also implement your own authentication method.
You can use the servlet setting AUTHORIZATION to specify how authentication will be handled to control access to your web applications:
- BASIC authentication method—set AUTHORIZATION to Realm and use Proc code in the web application to check user logon information.
Note: BASIC authentication assumes that the connection between the client and server computers is secure and can be trusted. The login information is passed as plain text and could be easily intercepted. Therefore, it is not suitable for web applications requiring proper protection.
- Web server authentication—set AUTHORIZATION to REMOTE_USER to have the web server perform authentication. Anonymous is not accepted.
The user logon information can be retrieved in Proc using $user and $password. The logon information can also be useful as the state information identifier.
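The note on BASIC authentication above, as an added example (Python, not Uniface Proc and not code from the Uniface documentation): the Authorization header carries the user name and password Base64-encoded, which anyone who can read the traffic can decode, so the check below refuses credentials on a connection that is not TLS-protected. The realm name, sample credentials and function names are assumptions made for illustration.

```python
import base64
import hmac

# Constructed sample values, for this example only.
REALM = "ExampleRealm"
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:s3cret:with:colons").decode()


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # Base64 is an encoding, not encryption: decoding needs no secret.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = decoded.partition(":")  # the password may contain ':'
    if not sep or not user:
        return None  # no separator, or an empty (anonymous) user name
    return user, password


def check_request(header, is_tls, expected_user, expected_password):
    """Return (status, response_headers) for a request protected by Basic auth."""
    challenge = {"WWW-Authenticate": 'Basic realm="%s", charset="UTF-8"' % REALM}
    if not is_tls:
        # Do not accept, or prompt for, credentials on an unencrypted connection.
        return 403, {}
    creds = parse_basic(header)
    if creds is None:
        return 401, challenge
    user, password = creds
    # Evaluate both comparisons so timing does not reveal which field was wrong.
    user_ok = hmac.compare_digest(user.encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(password.encode(), expected_password.encode())
    return (200, {}) if (user_ok and pass_ok) else (401, challenge)
```

In a real deployment the expected password would be checked against a stored password hash rather than a plain-text value.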