Importance of a Security Subsystem

A security subsystem is one of the most critical components of a J2EE application server. Writing distributed applications can open many possible exploits into accessing sensitive data and logic. The more complex your applications become, the greater the chance for introducing an exploit.

Not properly securing your applications can potentially result in catastrophic consequences, leading anywhere from monetary losses to lost customers and legal implications. Securing your applications and knowing how to properly configure the security components is what ultimately protects your data, intellectual property, and business logic.

Geronimo provides a set of security components that follow proven and established Java security standards, so that you can secure your applications, and limit the possibilities of an exploit.

The Geronimo security architecture is based on JAAS and JACC. In the following discussions, a certain level of familiarity with the concepts and operation of JAAS and JACC is assumed. Readers unfamiliar with these Java specifications are encouraged to review their reference documentation at the following URLs:

• JAAS - http://java.sun.com/products/jaas/reference/docs/index.html

• JACC - http://java.sun.com/j2ee/javaacc/index.html

All JAAS and JACC concepts will be briefly introduced before they are applied in the discussion, and your familiarity with them will help you to quickly grasp the important role they play in the greater Geronimo Security Architecture.