Securing the Application Server

This tutorial describes deployment to the Sun Java System Application Server, which provides highly secure, interoperable, and distributed component computing based on the Java EE security model. The Application Server supports the Java EE 5 security model. You can configure the Application Server for the following purposes:

• Adding, deleting, or modifying authorized users. For more information on this topic, read Working with Realms, Users, Groups, and Roles (page 914).

• Configuring secure HTTP and IIOP listeners.

• Configuring secure JMX connectors.

• Adding, deleting, or modifying existing or custom realms.

• Defining an interface for pluggable authorization providers using Java Authorization Contract for Containers (JACC).

  Java Authorization Contract for Containers (JACC) defines security contracts between the Application Server and authorization policy modules. These contracts specify how the authorization providers are installed, configured, and used in access decisions.

• Using pluggable audit modules.

• Setting and changing policy permissions for an application.

The following features are specific to the Application Server:

• Message security

• Single sign-on across all Application Server applications within a single security domain

• Programmatic login

For more information about configuring the Application Server, read the Application Server's Developer's Guide and Administration Guide. Links to both of these documents are provided in Further Information (page 934).