Users
A user, or enterprise user, is an end-user accessing a service. User information is stored in the domain identity store, typically instantiated by the WebLogic Server DefaultAuthenticator. An authenticated user is a user whose credentials have been validated.
An anonymous user is a user whose credentials have not been validated (hence unauthenticated) and who is permitted access only to unprotected resources. This user is specific to OPSS, and its use can be enabled or disabled by an application. For details about anonymous user support, see Section 3.4, "The Anonymous User and Role."
Roles
An enterprise group or group is a role that comprises users or other groups. It can be defined in an application deployment descriptor (such as web.xml or ejb-jar.xml) or using annotations in code.
A JavaEE logical role is a role specified declaratively or programmatically by a JavaEE application. It is defined in an application deployment descriptor and, typically, used in the application code.
An OPSS application role is a collection of users, groups, and application roles, and it can be structured in a hierarchy. It is specific to the application, defined by the application policy, and not necessarily known to the JavaEE container. Application roles are scoped in the sense that they are visible only when the application runs. They can be mapped to other application roles defined in the same application scope (and also to enterprise users or groups), and they are used to make authorization decisions.
For details about the anonymous role, see Section 3.4, "The Anonymous User and Role." For details about the authenticated role, see Section 3.3, "The Authenticated Role."
Principal
A principal is the identity assigned to a requesting entity (such as a user) by an authentication process.