Line: 1 to 1
J2EE Security
Added:
> > Chapter 21 of the J2EE spec, http://java.sun.com/products/j2ee/ . See also JAAS: http://java.sun.com/security/jaas/doc/acsac.html
J2EE security can be implemented either declaratively (entirely in the deployment descriptors, i.e. configuration files, with the container enforcing the checks) or programmatically (in code, using the Sun APIs such as isCallerInRole and getCallerPrincipal). Declarative is recommended: the checks are visible to the deployer and can be changed without recompiling the beans.
Concepts
Changed:
< < User - pretty much self-explanatory, except that Java users don't map onto operating system users.
> > Subject - defined by JAAS as "any user of a computing service." Maps roughly onto an Axia "party."
> > Principal - an entity that can be authenticated; in practice, a name that a Subject uses to interact with a service. Each user of the system will typically have a set of Principals which they use to interact with the system. A Principal has a Principal Name and Authentication Data. Maps roughly onto an Axia "alias."
> > Credentials - data or attributes used to authenticate a Principal. JAAS attaches them to the Subject, in a public and a private credential set.
Realm - a security policy domain: the store of users and groups together with the policy used to authenticate them. A user belongs to exactly one realm. The default realm always exists.
Group - a user can be a member of a J2EE group. A J2EE group's scope is the entire J2EE environment (every application deployed in it), not a single application.
Changed:
< < Role - similar to a group, but its scope is a single application. Roles are declared in the EJB jar or war file.
> > Security Role - similar to a group, but its scope is a single application. Roles are declared in the ear file (in the ejb-jar.xml and web.xml deployment descriptors, and consolidated by the application assembler in application.xml). Each Principal is mapped into one or more roles; the deployer does that mapping in container-specific descriptors, not in the portable ones.
There are two approaches to authorization: capabilities and permissions. Capabilities are user-oriented: they are attached to the user (or role) and say what that user may do and what not. Permissions work the other way round: they are attached to the resource, i.e. for this method on this EJB, only these roles can call it. The declarative method-permission element of the EJB descriptor is of the second kind; an isCallerInRole check in bean code is of the first.
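The permission-style rule in the last sentence ("for this method on this EJB, only these roles can call it") is exactly what the EJB 2.0 deployment descriptor expresses declaratively. The ejb-jar.xml below is an added example written for this page, not taken from the spec, the page or any Axia code; the bean AccountBean, the package example, the methods and the role names Teller and Auditor are all made up. It declares two security roles, lets both roles call getBalance, lets only auditors call getAuditTrail, puts resetBalance on the exclude-list so no role at all can call it, and adds a security-role-ref so that a hard-coded isCallerInRole("auditor") call inside the bean resolves to the Auditor role:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN"
  "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<!-- Added example for this page; names are assumptions, not real deployment data. -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>AccountBean</ejb-name>
      <home>example.AccountHome</home>
      <remote>example.Account</remote>
      <ejb-class>example.AccountBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <!-- Programmatic check in the bean: ctx.isCallerInRole("auditor").
           The role-ref name is local to the bean; role-link ties it to the
           application-wide role declared in the assembly-descriptor. -->
      <security-role-ref>
        <description>Role name used by isCallerInRole() inside AccountBean</description>
        <role-name>auditor</role-name>
        <role-link>Auditor</role-link>
      </security-role-ref>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <!-- Security roles: application-scoped, unlike groups, which span the server. -->
    <security-role>
      <description>Branch staff who may read balances</description>
      <role-name>Teller</role-name>
    </security-role>
    <security-role>
      <description>Internal audit; may read balances and audit trails</description>
      <role-name>Auditor</role-name>
    </security-role>
    <!-- Permissions are attached to the resource (bean method), not to the user. -->
    <method-permission>
      <role-name>Teller</role-name>
      <role-name>Auditor</role-name>
      <method>
        <ejb-name>AccountBean</ejb-name>
        <method-name>getBalance</method-name>
      </method>
    </method-permission>
    <method-permission>
      <role-name>Auditor</role-name>
      <method>
        <ejb-name>AccountBean</ejb-name>
        <method-name>getAuditTrail</method-name>
      </method>
    </method-permission>
    <!-- Not callable by anyone, whatever roles the caller holds. -->
    <exclude-list>
      <description>Operational reset; must never be reachable from clients</description>
      <method>
        <ejb-name>AccountBean</ejb-name>
        <method-name>resetBalance</method-name>
      </method>
    </exclude-list>
  </assembly-descriptor>
</ejb-jar>
```

Two things to check at deployment time. First, a business method that appears in no method-permission is not automatically denied: EJB 2.0 leaves such methods for the deployer to cover, and containers commonly default to allowing them, so either list every exposed method or put it in the exclude-list. Second, which users and groups hold Teller or Auditor is not in this file at all; the deployer maps principals to roles in the container's own descriptor, and an application that ships with no mapping is only as safe as that container's default.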
Line: 1 to 1
Added:
> > J2EE Security
J2EE security can be implemented either as declarative (i.e. entirely in configuration files) or programmatic (i.e. implemented in code, using the Sun APIs). Declarative is recommended.
Concepts
User - pretty much self-explanatory, except that Java users don't map onto operating system users.
Realm - a set of security policies. Users belong to one realm. The default realm always exists.
Group - a user can be a part of a J2EE group. A J2EE group's scope is the entire J2EE environment.
Role - similar to a group, but scope is only within a single application. Roles are declared in the EJB jar or war file.
There are two approaches to authorization: capabilities and permissions. Capabilities are user-oriented, i.e. the user can do this or that but not the other. Permissions work the other way, i.e. for this method on this EJB, only these roles can call it.
-- TobyCabot - 30 Jul 2001
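The programmatic alternative mentioned at the top of the page, and the JAAS Subject/Principal/Credentials concepts, as an added example (not code from the page, the spec or Axia): an EJB 2.0 stateless session bean that makes a capability-style isCallerInRole check in code, followed by a small stand-alone JAAS class that builds a Subject with one Principal and one private credential. The bean name AccountBean, the package example, the role-ref name "auditor", the user name "alice" and the sample credential are assumptions; the bean only runs inside a container that has a matching security-role-ref in its ejb-jar.xml, while SubjectDemo runs on a plain JDK.

```java
package example;

import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Iterator;

import javax.ejb.EJBException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;
import javax.security.auth.Subject;

/**
 * Programmatic security in an EJB 2.0 stateless session bean.
 * Assumed for this example (not from the page): the bean name, the
 * role-ref name "auditor" and the business methods below.
 */
public class AccountBean implements SessionBean {
    private SessionContext ctx;

    // A role-ref name is local to this bean. ejb-jar.xml must declare it in a
    // <security-role-ref> whose <role-link> names the application role,
    // otherwise the container cannot resolve the isCallerInRole() call below.
    private static final String AUDITOR_REF = "auditor";

    public void setSessionContext(SessionContext sc) { this.ctx = sc; }
    public void ejbCreate() { }
    public void ejbRemove() { }
    public void ejbActivate() { }
    public void ejbPassivate() { }

    /** Who may call this is decided purely by the declarative method-permission. */
    public String getBalance(String accountId) {
        return "balance of " + accountId + " for " + callerName();
    }

    /** Capability-style check: ask whether the caller may do this, then decide in code. */
    public String getAuditTrail(String accountId) {
        if (!ctx.isCallerInRole(AUDITOR_REF)) {
            // A system exception: the container rolls back and reports the
            // failure to the client as RemoteException, which suits a refused call.
            throw new EJBException("caller " + callerName() + " is not an auditor");
        }
        return "audit trail of " + accountId + " for " + callerName();
    }

    /** Inside a J2EE container getCallerPrincipal() never returns null; getName() is the Principal Name. */
    private String callerName() {
        return ctx.getCallerPrincipal().getName();
    }
}

/** The JAAS view of the same concepts: a Subject carrying Principals and credentials. */
class SubjectDemo {
    /** Minimal Principal. JAAS keeps principals in a Set, so equals/hashCode matter. */
    static final class NamePrincipal implements Principal {
        private final String name;
        NamePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean equals(Object o) {
            return o instanceof NamePrincipal && name.equals(((NamePrincipal) o).name);
        }
        public int hashCode() { return name.hashCode(); }
    }

    /** Constructed sample: one Principal (the name) plus one private credential (authentication data). */
    static Subject sampleSubject() {
        Subject s = new Subject();
        s.getPrincipals().add(new NamePrincipal("alice"));           // assumed user name
        s.getPrivateCredentials().add("sample-secret".toCharArray()); // constructed credential
        return s;
    }

    static String principalNames(Subject s) {
        StringBuffer sb = new StringBuffer();
        for (Iterator it = s.getPrincipals().iterator(); it.hasNext();) {
            sb.append(((Principal) it.next()).getName());
            if (it.hasNext()) sb.append(',');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        final Subject s = sampleSubject();
        // doAs binds the Subject to the access-control context for the duration of
        // run(), so java.security.Policy grants keyed on its Principals apply inside.
        String who = (String) Subject.doAs(s, new PrivilegedAction() {
            public Object run() { return principalNames(s); }
        });
        System.out.println("running as " + who
            + ", private credentials held: " + s.getPrivateCredentials().size());
    }
}
```

The split between the two classes is the split the page draws: the container hands the bean an already-authenticated caller (getCallerPrincipal, isCallerInRole), whereas JAAS is where that caller was assembled into a Subject with its Principals and credentials. For servlets the equivalent calls are HttpServletRequest.getUserPrincipal() and isUserInRole(), and the role-ref is declared in web.xml instead of ejb-jar.xml.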