11.2 Responsibilities of the Container Provider

In EJB applications, the container bears most of the responsibility for enforcing application security at runtime. The EJB container is responsible for a number of tasks related to authentication and security principals. In addition, the container is responsible for tasks pertaining to the management of security in a multiapplication and multidomain environment.

The EJB container provider is responsible for providing the security mechanisms applicable to the target operational environment. Because it is typically an integral part of the security infrastructure of the operational environment, the EJB container interacts with the other parts of the operational environment to implement the security mechanisms.

11.2.1 Authentication and Authorization Tasks

The container handles authentication and authorization tasks in the following areas:

  • Authenticating principals: Typically, the user accounts and the definitions of the user groups in the operational environment are stored in an external directory system rather than directly in the container. User accounts and groups are kept in a directory external to the container because all enterprise applications use this information, not just the EJB applications running in the container. Therefore, the container must be able to interface in a secure manner with the user account information. An enterprise may use either a proprietary protocol or a standard protocol, such as the Kerberos protocol, for this purpose.

  • Enforcing method permissions: The EJB container enforces the method permissions defined in the application's deployment descriptor. The EJB container dispatches a client-invoked method on an enterprise bean only if the client has been assigned a security role that has permission to invoke the target method. Otherwise, the container throws an exception to the client.

  • Controlling access to resource managers: Many enterprise beans access resource managers, such as databases. The EJB container is responsible for managing the authentication protocol with the resource manager, based on the deployer's instructions.

11.2.2 Managing Multiple Applications and Domains

The container also has tasks related to managing security among multiple applications and multiple domains. Many enterprise environments run multiple applications, often across various security domains. To ensure that no security breaches occur among the various applications, the container is responsible for the following tasks:

  • Ensuring the integrity of concurrent applications: The container may execute multiple applications at the same time, may handle invocations from multiple clients at the same time, and may cache sensitive data in memory. The container ensures that this concurrent activity does not result in a security breach. The container must isolate the running applications and users from one another so that information is not "leaked" via the container from one application to another. In addition, the container ensures that data access by one user is not exposed to another user. The container should be implemented to be safe from security attacks.

  • Mapping principals between domains: When clients from one security domain invoke enterprise beans in a different security domain, or when the beans invoke other enterprise beans or other types of applications that are in different security domains, the container participates in the protocol for mapping the principals between the domains.

  • Keeping an audit trail: The container typically maintains an audit trail of detected attempts to breach security. This audit trail is intended for the system administrator to identify security threats.
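
The method-permission check from 11.2.1 and the audit trail described above, sketched as an added example: this is a simplified model, not code from the book or from any EJB container. The class, bean, method, role and principal names are assumptions, `SecurityException` stands in for whatever exception a real container throws, and refusing methods that have no declared permission is a choice made by this model.

```java
import java.util.*;

// Simplified model of the container's dispatch check; all names are hypothetical.
public class MethodPermissionDemo {
    // Method permissions as a deployer might declare them: "Bean.method" -> permitted roles.
    private final Map<String, Set<String>> permissions = new HashMap<>();
    // Audit trail of refused invocations, kept for the system administrator.
    private final List<String> auditTrail = new ArrayList<>();

    void permit(String bean, String method, String... roles) {
        permissions.computeIfAbsent(bean + "." + method, k -> new HashSet<>())
                   .addAll(Arrays.asList(roles));
    }

    // Dispatch only if the caller holds at least one permitted role; otherwise record and throw.
    String invoke(String principal, Set<String> callerRoles, String bean, String method) {
        String target = bean + "." + method;
        Set<String> allowed = permissions.getOrDefault(target, Collections.emptySet());
        if (Collections.disjoint(allowed, callerRoles)) {
            auditTrail.add("DENIED principal=" + principal + " target=" + target
                    + " roles=" + new TreeSet<>(callerRoles));
            throw new SecurityException(principal + " may not invoke " + target);
        }
        return target + " dispatched for " + principal;
    }

    public static void main(String[] args) {
        MethodPermissionDemo container = new MethodPermissionDemo();
        container.permit("AccountBean", "getBalance", "teller", "customer");
        container.permit("AccountBean", "withdraw", "teller");

        // Constructed sample callers and their assigned roles.
        System.out.println(container.invoke("alice", Set.of("teller"), "AccountBean", "withdraw"));
        try {
            container.invoke("bob", Set.of("customer"), "AccountBean", "withdraw");
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
        try {
            // No permission is declared for this method, so this model refuses it too.
            container.invoke("alice", Set.of("teller"), "AccountBean", "close");
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
        container.auditTrail.forEach(System.out::println);
    }
}
```

Both refused calls end up in the audit trail with the principal, the target method and the roles the caller held, which is the information an administrator needs to tell a misconfigured role assignment from a probing client.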



Applying Enterprise JavaBeans(TM): Component-Based Development for the J2EE(TM) Platform
ISBN: 0201702673
EAN: 2147483647
Year: 2003
Pages: 110
