5.3 Authentication

Previous page
Table of content
Next page
 <  Day Day Up  >  

The EJB specification does not directly address the issue of authentication and the authentication process. Most of the specification deals with authenticated principals and the actions they can take, such as invoking EJB methods . In most respects, the model follows a simplified version of the Common Object Request Broker Architecture (CORBA) security model. Authentication is the responsibility of the EJB container and could be implemented using JAAS, as described in Chapter 9 on page 289. It is the EJB Container Provider's responsiblity to use, as appropriate, existing authentication mechanisms provided by the underlying platforms or security providers.

In the CORBA authentication model, an ORB, such as RMI-IIOP, receives a method invocation request and examines the security attributes of the request prior to method dispatch. If the principals are authenticated, the process moves on to the authorization phase.

Aside from the authorization process, the result of authentication appears in several places. In particular, EJB technology includes the concept of a security role. A security role is a set of J2EE permissions to make it easier for the Deployer and the System Administrator to administer authorization. When a client attempts to access an EJB method, the calling principal is logically assigned to zero or more security roles defined by the application, as configured by the Deployer.

For the Enterprise Bean Provider, authenticated- user information appears in two methods in the EJBContext interface, as described in Section 5.2.1.3 on page 167.

  1. The first method conveying user information is isCallerInRole() . After the requesting principal is authenticated, the principal is assigned one or more security roles. If authorization is successful, the target enterprise bean method is invoked. During the execution of the EJB method, the enterprise bean code can determine whether the caller is a member of a specific security role. The EJB container evaluates whether the user is granted the role, based on the mapping between the String argument to the isCallerInRole() method and the roles declared in the enterprise bean's deployment descriptor.

  2. The second method, getCallerPrincipal() , returns a Principal object representing the authenticated principal currently executing the enterprise bean. The result of getCallerPrincipal() is implementation specific and is discussed in Section 5.5.

From an authentication perspective, the EJB Container Provider is responsible for providing tools and runtime support for

  • The EJBContext methods getCallerPrincipal() and isCallerInRole()

  • Security role name mappings as defined in the EJB deployment descriptor

  • Tools for the Deployer and the System Administrator to perform security administration, including security role mapping and assignment of roles to principals or user groups

  • Principal authentication and delegation support in the ORB

 <  Day Day Up  >  

Previous page
Table of content
Next page
Enterprise Java Security. Building Secure J2EE Applications
Enterprise Javaв„ў Security: Building Secure J2EEв„ў Applications
ISBN: 0321118898
EAN: 2147483647
Year: 2004
Pages: 164
Authors: Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin
BUY ON AMAZON
Professional Java Native Interfaces with SWT/JFace (Programmer to Programmer)
Snort Cookbook
Microsoft Windows Server 2003(c) TCP/IP Protocols and Services (c) Technical Reference
The New Solution Selling: The Revolutionary Sales Process That Is Changing the Way People Sell [NEW SOLUTION SELLING 2/E]
Twisted Network Programming Essentials
User Interfaces in C#: Windows Forms and Custom Controls
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy