EJB.15.4 Deployer's Responsibilities

The deployer is responsible for ensuring that an assembled application is secure after it has been deployed in the target operational environment. This section defines the deployer's responsibility with respect to EJB architecture security management.

The deployer uses deployment tools provided by the EJB container provider to read the security view of the application supplied by the application assembler in the deployment descriptor. The deployer's job is to map the security view that was specified by the application assembler to the mechanisms and policies used by the security domain in the target operational environment. The output of the deployer's work includes an application security policy descriptor that is specific to the operational environment. The format of this descriptor and the information stored in the descriptor are specific to the EJB container.

The following subsections describe the security related tasks performed by the deployer.

EJB.15.4.1 Security Domain and Principal Realm Assignment

The deployer is responsible for assigning the security domain and principal realm to an enterprise bean application.

Multiple principal realms within the same security domain may exist, for example, to separate the realms of employees, trading partners, and customers. Multiple security domains may exist, for example, in application hosting scenarios.

EJB.15.4.2 Assignment of Security Roles

The deployer assigns principals and/or groups of principals (such as individual users or user groups) used for managing security in the operational environment to the security roles defined in the security-role elements of the deployment descriptor.

Typically, the deployer does not need to change the method permissions assigned to each security role in the deployment descriptor.

The application assembler linked all the security role references used in the bean's code to the security roles defined in the security-role elements. The deployer does not assign principals and/or principal groups to the security role references; the principals and/or principal groups assigned to a security role apply also to all the linked security role references. For example, the deployer of the AardvarkPayroll enterprise bean in Section EJB.15.3.3 would assign principals and/or principal groups to the security-role payroll-department, and the assigned principals and/or principal groups would be implicitly assigned also to the linked security role payroll.

The EJB architecture does not specify how an enterprise should implement its security architecture. Therefore, the process of assigning the logical security roles defined in the application's deployment descriptor to the operational environment's security concepts is specific to that operational environment. Typically, the deployment process consists of assigning to each security role one or more user groups (or individual users) defined in the operational environment. This assignment is done on a per-application basis. (That is, if multiple independent EJB JAR files use the same security role name, each may be assigned differently.)
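The following check is an added example, not part of the specification or of any container's tooling: it audits one EJB JAR's role assignment against the assembler's security view, flagging security roles left without principals and resolving each security role reference to the principals of its linked role. The descriptor fragment, the `auditor` role, and the `role_map` format (a stand-in for the container-specific policy descriptor) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed ejb-jar.xml fragment using EJB 1.1 element names (sample data).
EJB_JAR = """<ejb-jar>
  <enterprise-beans>
    <entity>
      <ejb-name>AardvarkPayroll</ejb-name>
      <security-role-ref>
        <role-name>payroll</role-name>
        <role-link>payroll-department</role-link>
      </security-role-ref>
    </entity>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>payroll-department</role-name></security-role>
    <security-role><role-name>auditor</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>"""

def audit(descriptor_xml, role_map):
    """role_map (hypothetical format): security-role name -> set of
    principals/groups assigned by the deployer for this one EJB JAR."""
    root = ET.fromstring(descriptor_xml)
    roles = {r.findtext("role-name").strip() for r in root.iter("security-role")}
    findings = {
        # Roles the assembler defined but the deployer left empty.
        "unassigned": sorted(r for r in roles if not role_map.get(r)),
        # Map entries naming roles this descriptor never defines.
        "unknown_in_map": sorted(set(role_map) - roles),
        "dangling_refs": [],
        "effective_refs": {},
    }
    for bean in root.findall("enterprise-beans/*"):
        name = bean.findtext("ejb-name").strip()
        for ref in bean.iter("security-role-ref"):
            ref_name = ref.findtext("role-name").strip()
            link = (ref.findtext("role-link") or "").strip()
            if link not in roles:
                # Reference is not linked to any defined security role.
                findings["dangling_refs"].append((name, ref_name))
            else:
                # A reference implicitly gets the linked role's principals.
                findings["effective_refs"][(name, ref_name)] = set(role_map.get(link, ()))
    return findings
```

Because assignment is per application, the audit is run once per EJB JAR with that JAR's own map, even when two JARs reuse a role name.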

EJB.15.4.3 Principal Delegation

The deployer is responsible for configuring the principal delegation for inter-component calls. The deployer must follow any instructions supplied by the application assembler (for example, provided in the description elements of the deployment descriptor, or in a deployment manual).

The default mode is to propagate the caller principal from one component to another (i.e., the caller principal of the first enterprise bean in a call-chain is passed to the enterprise beans down the chain). In the absence of instructions from the application assembler, the deployer should configure the enterprise beans such that this "caller propagation" mode is used when one enterprise bean calls another. This ensures that the returned value of getCallerPrincipal() will be the same for all the enterprise beans involved in a call chain.

EJB.15.4.4 Security Management of Resource Access

The deployer's responsibilities with respect to securing resource manager access are defined in Section EJB.14.4.2.

EJB.15.4.5 General Notes on Deployment Descriptor Processing

The deployer can use the security view defined in the deployment descriptor by the bean provider and application assembler merely as "hints" and may change the information whenever necessary to adapt the security policy to the operational environment.

Since providing the security information in the deployment descriptor is optional for the application assembler, the deployer is responsible for performing any tasks that have not been done by the application assembler. (For example, if the definition of security roles and method permissions is missing in the deployment descriptor, the deployer must define the security roles and method permissions for the application.) It is not required that the deployer store the output of this activity in the standard EJB JAR file format.



Java 2 Platform, Enterprise Edition. Platform and Component Specifications
ISBN: 0201704560
EAN: 2147483647
Year: 2000
Pages: 399