Overview of the LANSA for the Web Security Models

Installing LANSA on IBM i

Overview of the LANSA for the Web Security Models

LANSA for the Web provides you with additional security features, on top of the security of the Web serving software.

There are three alternative security models for implementing user authentication in LANSA for the Web.

No User Authentication

You can assign a user profile that is used for anonymous access to your applications. You create the default user profile on your Data/Application Server. The casual visitor to your site uses the anonymous user access to execute your applications without entering a profile or password. The casual visitor does not know that LANSA is running on the Data/Application Server with a default user profile.

Full User Authentication

Full user authentication uses the CGI-BIN library to request user authentication from the Web Server. All requests to the Web Server and all LANSA for the Web requests will require the Web Server to authenticate the user. All users, even casual visitors to your applications, will be required to provide a user profile.

Partial User Authentication

Partial user authentication requires user profiles for only a specific set of LANSA processes. You can nominate one or more of your LANSA processes to require user authentication. This LANSA for the Web security model also allows for anonymous access to your applications. If a user accesses a process which has no authentication required, no user profile is requested - the anonymous user access and default profile are used.

This alternative is useful if you intend to deploy your applications over the Internet. It allows the casual visitor to use most of the applications on your Web site, but not all. You can secure parts of your applications that require strict user authentication.