Overview of Security

As noted earlier, the Web server does not perform a typical “logon” to the application server. Each call from the Web server to the application server must be in the context of a particular user, for example, the user of the browser that is running the Web application. Because the Web server is handling requests from many users concurrently, each call to the application server may be on behalf of a different user. The mechanics are mostly automatic, but proper configuration of the Web server and the application server is required.

The first step is to secure the Web application, which may be done by using basic authentication or form-based authentication. (Discussion of Web authentication techniques is beyond the scope of this documentation.) In either method of authentication, the user is prompted for credentials before the Web application is invoked. The Web server authenticates the credentials and establishes a J2EE security context. Each Web request will be associated with a security context as it is processed in the Web server. A servlet can access the security information through HttpServletRequest methods such as getUserPrincipal(), isUserInRole(), etc.
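
As an added example (not code from this documentation or from the SIMULIA Execution Engine), a servlet filter can confirm that the container established a security context before any servlet runs, so that a misconfigured, unsecured Web application fails closed instead of making calls with no user identity. The class name and the role name see-web-user are hypothetical; the javax.servlet calls are the standard Servlet API.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: reject requests that carry no container-established identity. */
public class RequireSecurityContextFilter implements Filter {

    // Hypothetical role name; use the role declared in your own web.xml.
    private static final String REQUIRED_ROLE = "see-web-user";

    private FilterConfig config;

    public void init(FilterConfig config) {
        this.config = config;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Null means the container did not authenticate this request, so there
        // is no identity available to propagate to the application server.
        Principal user = request.getUserPrincipal();
        if (user == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Authenticated, but not in the role the Web application expects.
        if (!request.isUserInRole(REQUIRED_ROLE)) {
            config.getServletContext().log("Denied " + user.getName()
                    + " (auth type " + request.getAuthType() + "): missing role");
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        config = null;
    }
}
```

The filter only inspects the identity that the Web server has already authenticated; it does not authenticate users itself and does not replace the security constraints that secure the Web application.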

Once the Web application has been secured, each invocation of a servlet is associated with the security context of the proper user; that is, the user that made the request. When the servlet uses the SIMULIA Execution Engine APIs to make calls to the SIMULIA Execution Engine, that security information must be passed to the application server hosting the SIMULIA Execution Engine because:

  • The application server is secure and will not allow any access without an authenticated user in the appropriate security roles.

  • The SIMULIA Execution Engine protects various data such as library objects and job results using Access Control Lists (ACLs); ACLs cannot be effective without the authenticated identity of the requesting user.

The Web application developer does not have to write any code to pass user credentials to the application server when using the SIMULIA Execution Engine APIs. A properly configured Web server will automatically forward (“propagate”) the security context to the application server on each call. The Web application developer can call the SIMULIA Execution Engine APIs without any special consideration for security.

Web server and application server vendors differ in the details of how they support propagation of security credentials from the Web server to the application server. The following sections describe how to configure such propagation between two instances of the WebSphere Application Server product (one instance is acting only as a Web server, the other is the SIMULIA Execution Engine). For more information, consult the documentation for your specific Web and application server.

The run-as security feature can be used only when all stations are running on Linux operating environments because you cannot pass the user’s password to the SIMULIA Execution Engine on a Windows station.