Chapter 3. Enterprise Java Security Fundamentals


The J2EE platform has achieved remarkable success in meeting enterprise needs, resulting in its widespread adoption. The security infrastructure plays a key role in the e-business strategy of a company. J2EE provides a standard approach to allow enterprise applications to be developed without hard-coded security policies. Instead, declarative policies are bundled with an assembled set of application components. Security policies specified using this security model are enforced in any operational environment and deployed in any of the application servers that host them.

The J2EE security model addresses authentication, authorization, delegation, and data integrity for the components that make up a J2EE environment. This environment includes J2EE applications (Web components, such as servlets and JSP files, EJB components, Java 2 connectors, and JavaMail) and secure interoperability requirements. The J2EE security model also considers the organizational roles that define and enforce these security policies:

  • Application Component Provider

  • Application Assembler

  • Deployer

  • System Administrator

  • J2EE Product Provider

This chapter provides an overview of J2EE, exploring the J2EE security model. The chapter explains how various J2EE components are tied into enterprise security, describes how the J2EE security model addresses the security of J2EE components, and identifies the responsibility of each of the organizational roles in enforcing security. Declarative security policies and programmatic security APIs are explained, in addition to the security requirements on JavaMail, Java connectors, client applications, and containers. This chapter also outlines the secure interoperability requirements that exist between various application servers.

Since its inception, one of the top requirements of the J2EE security model has been to support secure application deployments that do not rely on private networks or other application runtime isolation techniques. This allows application portability between containers. Another requirement has been to reduce the application developer's burden by delegating the security responsibilities to the J2EE roles. Finally, the policy-driven security model enables much of the security enforcement to be handled without custom code.



Enterprise Java™ Security: Building Secure J2EE™ Applications
ISBN: 0321118898
EAN: 2147483647
Year: 2004
Pages: 164
