EJB.15.1 Overview

We set the following goals for the security management in the EJB architecture:

• Lessen the burden of the application developer (i.e., the bean provider) for securing the application by allowing greater coverage from more qualified EJB architecture roles. The EJB container provider provides the implementation of the security infrastructure; the deployer and system administrator define the security policies.

• Allow the security policies to be set by the application assembler or deployer rather than being hard-coded by the bean provider at development time.

• Allow the enterprise bean applications to be portable across multiple EJB servers that use different security mechanisms.

The EJB architecture encourages the bean provider to implement the enterprise bean class without hard-coding the security policies and mechanisms into the business methods . In most cases, the enterprise bean's business method should not contain any security- related logic. This allows the deployer to configure the security policies for the application in a way that is most appropriate for the operational environment of the enterprise.

To make the deployer's task easier, the application assembler (which could be the same party as the bean provider) may define security roles for an application composed of one or more enterprise beans. A security role is a semantic grouping of permissions that a given type of users of the application must have in order to use the application successfully. The applications assembler can define ( declaratively in the deployment descriptor) method permissions for each security role. A method permission is a permission to invoke a specified group of methods of the enterprise beans' home and remote interfaces. The security roles defined by the application assembler present a simplified security view of the enterprise beans application to the deployer ”the deployer's view of the application's security requirements is the small set of security roles rather than a large number of individual methods.

The deployer is responsible for assigning principals, or groups of principals, which are defined in the target operational environment, to the security roles defined by the application assembler for the enterprise beans in the deployment descriptor. The deployer is also responsible for configuring other aspects of the security management of the enterprise beans, such as principal mapping for inter-enterprise bean calls and principal mapping for resource manager access.

At runtime, a client will be allowed to invoke a business method only if the principal associated with the client call has been assigned by the deployer to have at least one security role that is allowed to invoke the business method.

The container provider is responsible for enforcing the security policies at runtime, providing the tools for managing security at runtime, and providing the tools used by the deployer to manage security during deployment.

Because not all security policies can be expressed declaratively, the EJB architecture provides a simple programmatic interface that the bean provider may use to access the security context from the business methods.

The following sections define the responsibilities of the individual EJB roles with respect to security management.