See wam Menu


A  B  C  D  E  F  G  H I J K  L  M  N  O  P  Q  R  S  T  U  V W X Y Z


Access Control Pipeline

The WAM server pluggable request processing pipeline with each security domain.

Access Control List

Identifies the users who may access a resource, and the type of access to that resource, that a user is permitted to have. Once a user is authenticated the ACL controls what they are permitted to do.

Access Control Policy

Defines the resources being protected and the rules that control access to them.

Access Control Request

Information about a request by a user to get access to a resource including a type, a resource id, and an action.

Access Control Response

The information return by the WAM server to an agent regard and access control request.

Access Control Service

A WAM server service that grant or denies access to resources based on an access control policy.

Access Control Rule

The implementation or expression of the business logic for controlling access to protected resources.

Access Control Rule Library

Manages access control rule types and instances.

Access Control Value

A WAM server individual processing node within an access control pipeline. By default, the first access control valve configured in WAM logs the request and the last valve (also referred to as the basic valve) uses the security domain-specific access control policy to grant or deny access.

Access Management

The centralized or unified implementation and management of user authentication and entitlement to a site’s secure resources.


WAM software components that delegate security requests to a WAM server. Also known as a pluggin. Agents are specific to the application (application agent), web server (web agent), or J2EE server (application server agent) that host them.


An examination of records and activities to ensure compliance with established security controls, policies, and procedures.


Identifies an individual or application through the use of username/password, profiles, digital certificates or other means.

Authentication Pipeline

The WAM server pluggable authentication processing pipeline with each security domain.

Authentication Server

The engine within the WAM server that makes authentication decisions based on a security domain’s login configuration.

Authentication Service

A WAM server service that verifies the user identity and establishes a session that exists until the user logs out or the session times out due to inactivity.

Authenticated User

A user that has presented valid and accepted login credentials to a resource controller.

Authentication Valve

A WAM server individual processing node within an authentication pipeline. By default, the first authentication valve logs the authentication request and the last valve (also referred to as the basic valve) attempts authentication based on information contained in an authentication request.


Develops rules or policies relating to what information users are allowed to view and manipulate (also know as Access Control).


Basic authentication

Internet browser managed base64-encoding the username and password and transmitting the result to the server.



Enables underlying security services to interact with a calling application to retrieve specific authentication data such as usernames and passwords, or to display certain information, such as error and warning messages. See Callback.

Callback Handler

Application component that passes authentication credentials from the application to a login module. See CallbackHandler.


Values (such as a username or password) or tokens (such as a digital certificate) owned by a user and presented to an authentication controller for validation of the user’s identity.


Engine Layer

Enables a WAM server to host security domain services.



A category of users, classified by common traits to facilitate administration.



Lightweight Directory Access Protocol. A client-server protocol for accessing a directory service. It runs over TCP and can be used to access a stand-alone LDAP directory service or to access a directory service back-ended by X.509.

Login Configuration

Specifies authentication requirements for a given security domain including login configuration entries, callback handlers, and login parameters.

Login Configuration Entry

Specifies the login modules you will use with WAM. Because LoginModules are pluggable, you can implement them without modification to WAM. Because they are stackable, you can specify how authentication to one or more LoginModules is required to access any resource.

Login Module

The WAM mechanism by which callers prove that they are acting on behalf of specific users or systems. See LoginModule.

Logical Operator

The three Boolean operators AND, OR, and NOT that gather or separate things into neat piles depending on how you use them. WAM uses logical operators between, and in some cases preceding, access control rules.


Network Adapter Layer

Enables a WAM server to offer services on different TCP/IP ports and to support network clients that speak different protocols.



Associates a set of resources (defined using a resource pattern) with one of two possible actions: an access control rule that will be evaluated to grant or deny access to the resource, or a security domain to which access control will be delegated.

Policy Server

The components within the WAM server that make access control decisions based on rules and and permissions defined in security domains.


Any entity such as an individual user, a login id, or groups to which a user belongs.


Remote Address

The IP address of the computer on which the browser or client application is running.

Remote Host

The fully qualified DNS hostname of the computer on which the browser or client application is running.


Content including web pages, files, datasources, Enterprise Java Beans, and more that are network accessible.


A working description of a user assigned to a user or group at application deployment time. Roles provide users access to application resources or enable programmatic decisions.


Security Domain

Enables access management to be partitioned according to organizational or physical boundaries, different security domains may be securely configured and managed by different individuals, departments, and companies.

Security Domain Registry

Maintains basic information about each security domain known to WAM, including the name and location of configuration metadata.

Service Manager Service

A WAM server service that enables custom security domain-specific services to be used/reused via programmer’s APIs.


The WAM server metadata assigned to a currently authenticated user.

Session Access Service

A WAM server service that provides information about authenticated users to agents.

Session Control Service

A WAM server service that enables modification and explicit closure (logout) of user sessions.

Session Management

The process of capturing and changing metadata about an authenticated user throughout the login.

Session Manager Service

A WAM server service that manages an authenticated user’s session and expires it if inactive for a configurable period.

Session Object

The programmatic object where a user’s session metadata is persisted.

Service Provider Layer

Enables a WAM server to provide security services like authentication and access control.

Single Sign-On

Enables a user to authenticate on one web server and access resources hosted on other web servers (or other virtual hosts within the same web server) without having to re-authenticate.


The container that holds authentication information about the user or service being authenticated, including relevant principals and credentials.


Trace Logger

A centralized, security domain specific component that logs information about the startup, shutdown, warnings, and errors of it’s services.



Accounts that usually represents a person (but could be a system).

User Repository

A LDAP server, a database, or file containing users, passwords, groups, and roles.

Have a Question?

Have a how-to question? Seeing a weird error? Contact us.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.