(revision 1) (raw view)
<h1>J2EE Security</h1>

J2EE security can be implemented either as *declarative* (i.e. entirely in configuration files) or *programmatic* (i.e. implemented in code, using the Sun APIs). Declarative is recommended.

*Concepts*

   * *User* - pretty much self-explanatory, except that Java users don't map onto operating system users.
   * *Realm* - a set of security policies. Users belong to one realm. The =default= realm always exists.
   * *Group* - a user can be a part of a J2EE group. A J2EE group's scope is the entire J2EE environment.
   * *Role* - similar to a group, but its scope is only within a single application. Roles are declared in the EJB jar or war file.

There are two approaches to authorization: *capabilities* and *permissions*. Capabilities are user-oriented, i.e. the user can do this or that but not the other. Permissions work the other way, i.e. for this method on this EJB, only these roles can call it.

-- Main.TobyCabot - 30 Jul 2001 <br>