Applications running on J2EE Engine have two options for authenticating users:
· Declarative authentication (also known as container-based authentication): The Web container (in this case, the J2EE Engine) handles authentication. A component running on the J2EE Engine declares its protected resources and its desired authentication mechanism in its deployment descriptor. When a protected resource of this component is accessed, the container in which the component runs triggers authentication.
· Programmatic authentication (also known as UME authentication): Components running on the J2EE Engine authenticate directly against the User Management Engine (UME) using the UME API. The component explicitly triggers authentication and then the authentication process is controlled by the authentication framework.
Web Dynpro applications and portal iViews always use programmatic (UME) authentication. J2EE Web applications can use either declarative or programmatic authentication depending on which the developer decides to use.
Both declarative and programmatic authentication use login modules and login module stacks as their underlying technology. Applications that use declarative authentication define which login module stack they use in their deployment descriptor. Programmatic authentication additionally introduces the concept of authentication schemes. Applications that use programmatic authentication are associated with an authentication scheme. The authentication scheme in turn references a login module stack.