9.1. J2EE Security

Security is an important part of J2EE application architecture because the J2EE components and tiers used in a system's architecture determine the choice of security technologies. If an application uses only web-based technologies, then it only needs to restrict access to JSPs, Servlets, and so on. But EJBs are now part of the JAW Motors architecture, so they must be protected as well. The system must create a security context that encompasses the entire J2EE stack from frontend web pages to backend business logic and data. We need a unified security mechanism that propagates the user's credentials to all components in the application. The two fundamental concepts in J2EE security are:
Authentication is an important aspect of a J2EE application's architecture and security strategy, and ensures that only valid users or entities can use the system's resources. Authentication is the front line of defense in protecting sensitive business logic and data from users. Authentication identifies a user in the system, and requires the user to log on just as they would log on to an operating system or database. Users identify themselves to the system by supplying credentials, which could be in the form of passwords, certificates, or keys. If the user enters a valid username and password, the user can access sensitive portions of the web site; otherwise, access is denied.

Although restricting access to internal business functions and web pages to known users of the JAW Motors application is a good first step in securing the system, it still isn't enough. We know who the user is, but what can they do in the system? What are they not allowed to do? How can we ensure that users see only what they're allowed to access? Authorization answers these questions and strengthens security by adding the concept of roles to our security realm. Each role represents a different type of user, and the JAW Motors application has the following roles:
Although there is no need to protect public pages and their underlying business logic, we must prevent unauthenticated/unauthorized users from accessing protected web pages and business functions. Let's start by securing the web tier and working our way down through the architecture.