Borland's Enterprise Server BasicsBorland Enterprise Server v 5.0 provides an enterprise platform for distributed object technology using CORBA and J2EE components . The server is available in three editions:
For more information you can visit www.inprise.com and www.borland.com/techpubs/ . A brief Borland's Enterprise Server overviewThe Borland's Enterprise Server architecture enables you to create not only J2EE applications but also leverage the distributed services of CORBA. The Borland's Enterprise Server provides a set of three core services:
You can have many partitions. Each partition instance has a Web Container (Tomcat 4.0), an EJB Container (Borland's), a Transaction Service, a Session Service, a Naming Service, and a JDataStore. In addition, the AppServer Edition provides support for JNDI, RMI-IIOP, JDBC, servlets, JSP, JMS, JTA, Java Mail, JCA, JAAS, and JAXP. Understanding the basics of Borland's Enterprise Server SecurityThe Management Console allows configuration and management of services and resources. For instance, you can manage servers on the network, and start and stop services and the like from this console. Also, you can access, manage, and set properties of EJB JAR files, Enterprise Application Resources (EARs), Web Application Resources (WARs), Resource Adapters (RARs), and monitor performance. Deployment information is stored via XML deployment descriptor files. Via the deployment descriptor you can specify the security roles, method permissions, and links between them for an application. This provides access control to the application. The Enterprise Server, in conjunction with the Borland Security Service, provides multiple levels of security, a console security-based management console, an SSL-based client security, and an implementation of JAAS. In addition, the security service incorporates WJB security with CORBASec security. The administration and configuration of security is provided by the Security Service via properties managed by a Security Services Administrator.
The Security Service allows you to establish secure connections between clients and servers. It also integrates with the Web container to allow its own authentication and authorization mechanisms to propagate security information to other EJB containers if necessary. Borland Enterprise Server supports HTTP basic authentication, HTTP digest authentication, HTTPS client authentication, and form-based authentication. Authentication and authorization is a JAAS implementation, and the authentication policy is determined by properties. The authentication can be achieved by the simple username and password combination or by a certificate. Security realms are defined and correspond to a JAAS LoginModule . Authorization is based on the user 's identity and the ACLs.
Authorization domains, which are security contexts used to set authorization permissions, can be established and associated with an EJB in its deployment description. There can be many authorization domains, but all of them need to be registered with the VisiBroker ORB. Authorization in the CORBA environment allows only identities, in specific roles for a given object, to access that object. The access policy is specified in the protection policy for the Portable Object Adapter (POA). In addition, the Security Service uses JSSE to perform SSL communication. SSL is used for message confidentiality, message integrity, and certificate-based authentication. Public-key encryption is available and digital signatures are supported. The Borland Enterprise Server supports connectors via the JCA environment, which consists of the implementation of the JCA in the application server and the EIS-specific Resource Adapter. It supports transactions and two-phase commits. Java Security Solutions ISBN: 0764549286
EAN: 2147483647 Year: 2001
Pages: 222 Authors: Rich Helton, Johennie Helton
flylib.com © 2008-2017. If you may any questions please contact us: flylib@qtcs.net |