| Line: 1 to 1 | ||||||||
|---|---|---|---|---|---|---|---|---|
| Chapter J2EE.3 of the j2ee 1.4 spec http://java.sun.com/products/j2ee/ (includes a simple example) Chapter 21 of the EJB spec http://java.sun.com/products/ejb/docs.html Chapter SRV.12 of the servlet spec http://java.sun.com/products/servlet/download.html | ||||||||
| Line: 6 to 6 | ||||||||
| J2ee security can be implemented either as declarative (i.e. entirely in configuration files) or programmatic (i.e. implemented in code, using the Sun API's). Declarative is recommended. | ||||||||
| Added: | ||||||||
| > > | The Sapient j2ee framework called "Carbon" has a security module that looks pretty good. Nice intro page. | |||||||
Concepts | ||||||||
| Changed: | ||||||||
| < < | Subject - defined by JAAS as "any user of a computing service." Maps roughly onto Martin Fowler's idea of a "party." | |||||||
| > > | Subject - defined by JAAS as "any user of a computing service." Maps roughly onto Martin Fowler's idea of a "party." http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/Subject.html | |||||||
| Changed: | ||||||||
| < < | Principal - an entity that can be authenticated, in fact a name that a Subject uses to interact with a service. Each user of the system will typically have a set of Principals which they use to interact with the system. A principal has a Principal Name and Authentication Data. | |||||||
| > > | Principal - an entity (person or group) that can be authenticated, in fact a name that a Subject uses to interact with a service. Each user of the system will typically have a set of Principals which they use to interact with the system. A principal has a Principal Name and Authentication Data. http://java.sun.com/j2se/1.4.2/docs/api/java/security/Principal.html | |||||||
Credentials - data or attributes used to authenticate a Principal. Sun doesn't define any specific class to represent credentials, coders can use any object they want.
Realm - a set of security policies. Users belong to one realm. The default realm always exists. | ||||||||
| Changed: | ||||||||
| < < | Group - a user can be a part of a J2EE group. A J2EE group's scope is the entire J2EE environment. | |||||||
| > > | Group - a user can be a part of a J2EE group, which is a type of principal. A J2EE group's scope is the entire J2EE environment. http://java.sun.com/j2se/1.4.2/docs/api/java/security/acl/Group.html | |||||||
| Security Role - similar to a group, but scope is only within a single application. Roles are declared in the ear file. Each Principal is mapped into one or more roles. | ||||||||
| Line: 30 to 32 | ||||||||
EJBEJB security can be declarative (in ejb-jar.xml) or procedural. For procedural security seeEJBContext, especially the getCallerPrincipal() and isCallerInRole() methods here. | ||||||||
| Added: | ||||||||
| > > |
Implementationhttp://www.developer.com/java/ejb/article.php/3077421 - how-to using JBoss and LDAP | |||||||