The system administrator is responsible for the overall security configuration of the enterprise's network environment. Although most of the system administrator's tasks are independent of specific applications deployed in the enterprise, these security administration tasks affect the deployment of EJB applications. In this section, we describe the security administration procedures relevant to the discussion of EJB application security. Keep in mind that the EJB specification does not define or require these procedures; rather, they are typically used in enterprise environments. The following system administration tasks are relevant to the deployment of an EJB application:
Let's look at some of the tasks that a system administrator at Star Enterprise may perform that are relevant to the deployment of the benefits application described in Chapter 8.

11.1.1 Administering Users and Security Principals

To begin, the Star Enterprise system administrator manages the user accounts and user groups. The system administrator creates a user account for a new employee. Depending on the employee's role in the enterprise, the system administrator adds the user account to the appropriate user groups. For example, when Mary Smith joins the benefits administration department as the department director, the system administrator creates a user account for her and adds her user account to the employees, payroll-department, and directors user groups.

The user account information is used for authentication and authorization purposes. Authentication takes place when a user connects to the system. For example, when Mary Smith logs in to her computer, she first needs to authenticate herself (prove that she is indeed Mary Smith) to the enterprise network security manager. After she authenticates herself, Mary's session is associated with a security token. The security token represents the information from her user account, including the user groups to which the user account belongs, and it allows applications and servers to check authorizations.

When Mary invokes an application or a database on the enterprise's network, the security token is passed along with the request to the target application or database. The target application or database server uses the passed security token to check whether Mary Smith is authorized to access the requested application or data.

11.1.2 Managing Principal Mapping

Passing the security token works only if the target application or database system understands the security token. If it is in a different security domain, the target application or database system may not understand the token.
Such a situation necessitates one of two solutions:
This second technique, called principal mapping, is managed by the system administrator. Principal mapping allows Mary Smith to use a single password across the entire set of applications and database systems at Star Enterprise.

In our benefits application example, the payroll system is an application running on a mainframe. The payroll system does not understand the security token received from the network on which Mary Smith's computer resides. In order for the payroll system to recognize Mary Smith or any other user from that network as an authorized user, the Payroll App Server EJB container (see Figure 8.1 on page 246) needs to perform principal mapping on the calls coming to the mainframe payroll application. For the EJB container to perform principal mapping, the system administrator must have already set it up.

The principal mapping maps all clients of PayrollEJB to a single mainframe user. From the perspective of the mainframe, all instances of PayrollBean use the identity of a single mainframe user, which we'll call payroll user, to invoke the mainframe payroll system. Within the mainframe environment, the payroll user is authorized to access all the information needed by PayrollEJB. Figure 11.1 illustrates mapping of principals.

Figure 11.1. Principal Mapping
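
The many-to-one mapping described above can be sketched in plain Java (16 or later). This is an added example, not code from the book or from any EJB container. The class names, the account names msmith and jdoe, the identifier payroll-user, and the group check before mapping are all assumptions made for illustration. Because the mainframe sees only the single mapped identity, the sketch records the original caller on the container side so that per-user accountability is not lost.

```java
import java.util.*;

// Added illustration; all names are hypothetical, not an EJB or container API.
public class PrincipalMappingDemo {
    // Security token from the network domain: account name plus its user groups.
    record SecurityToken(String user, Set<String> groups) {}
    // Identity the back-end (mainframe) security domain understands.
    record MappedPrincipal(String backendUser, String originalCaller) {}

    static final class PrincipalMapper {
        private final String backendUser;          // single mainframe identity
        private final Set<String> allowedGroups;   // groups permitted to reach the back end
        private final List<String> auditLog = new ArrayList<>();

        PrincipalMapper(String backendUser, Set<String> allowedGroups) {
            this.backendUser = backendUser;
            this.allowedGroups = Set.copyOf(allowedGroups);
        }

        // Authorize in the caller's own domain first, then swap identities.
        MappedPrincipal map(SecurityToken token) {
            boolean allowed = token.groups().stream().anyMatch(allowedGroups::contains);
            if (!allowed) {
                auditLog.add("DENY " + token.user());
                throw new SecurityException(token.user() + " may not call the payroll system");
            }
            // The mainframe sees only backendUser, so the real caller is recorded here.
            auditLog.add("MAP " + token.user() + " -> " + backendUser);
            return new MappedPrincipal(backendUser, token.user());
        }

        List<String> auditLog() { return List.copyOf(auditLog); }
    }

    public static void main(String[] args) {
        PrincipalMapper mapper = new PrincipalMapper("payroll-user", Set.of("payroll-department"));
        // Constructed sample tokens.
        SecurityToken mary = new SecurityToken("msmith",
                Set.of("employees", "payroll-department", "directors"));
        SecurityToken other = new SecurityToken("jdoe", Set.of("employees"));

        System.out.println(mapper.map(mary));
        try {
            mapper.map(other);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        mapper.auditLog().forEach(System.out::println);
    }
}
```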