Chapter 6. Enterprise Java Security Deployment Scenarios


The J2EE security model forms a fundamental building block for secure enterprise systems. Such a specification needs to be backed by the solid and secure implementation of a J2EE product and applications hosted within a topology that provides enterprise-level security. The topology considers the common practice whereby business-critical data and applications are shielded from direct Internet access. J2EE applications that make up an enterprise solution should be partitioned and deployed into an environment that considers the security requirements of the enterprise. In addition to J2EE Web application servers, most enterprise environments consist of legacy or other applications accessed through the Java applications. Each of these environments must take the security of non-J2EE products into consideration while ensuring that no part of the environment is exposed owing to lack of security enforcement.

This chapter identifies deployment patterns within enterprise environments. It discusses how firewalls are used to create secure zones, based on the assumption that the farther a zone is from direct Internet access, the more difficult it should be to access security-sensitive information stored in that zone. If content is served at the edge of the network, a security policy can be enforced by placing secure reverse proxy servers that ensure a level of authentication and authorization before the content is served. In enterprise environments in which various systems are integrated, resource adapters are an important part of the enterprise system. Even if some of the systems that are connected through resource adapters do not have built-in security mechanisms, external network solutions can be used to provide a secure environment. These solutions include using firewalls to isolate zones, using Internet Protocol Security (IPSec), and building virtual private networks (VPNs).



Enterprise Java Security. Building Secure J2EE Applications
ISBN: 0321118898
EAN: 2147483647
Year: 2004
Pages: 164
