J2EE Security Definitions


The J2EE platform uses a set of standard terms and definitions that describe the J2EE environment's specific security requirements, such as roles, users, policies, and related technologies. The definitions are as follows:

  • Principal: A principal is an entity (a person or an application client) that can be authenticated by an authentication service or a security realm. As a result of authentication, the principal is identified with a unique name and its associated data.

  • Security Realm or Policy Domain: A security realm provides common security policies and mechanisms that can be enforced by a security service for protecting J2EE platform-managed resources.

  • Security Provider: A security provider provides security technologies and associated services to enforce a security policy that protects applications and resources. Usually, J2EE vendors provide support for third-party or standards-based security providers that can be plugged into a J2EE server security realm.

  • Security Attributes: Security attributes are data specific to a principal; they are used to allow or deny access to resources and to audit the principal.

  • Security Credential: The security credential contains information related to authentication of a principal. The contents and format of a security credential vary depending on the authentication mechanisms in use.

Now let's take a closer look at the J2EE platform security infrastructure and mechanisms.




Core Security Patterns. Best Practices and Strategies for J2EE, Web Services, and Identity Management
ISBN: 0131463071
EAN: 2147483647
Year: 2005
Pages: 204
