EJB Container Security


This material is from the book JBuilder Developer’s Guide , written by Saleem Siddiqui, Michael Landy, and Jeff Swisher, published by Sams Publishing.

© Copyright Sams Publishing. All rights reserved.

Security is an important issue in the development and deployment of
every enterprise application. For EJBs, security is implemented through
the container's support for the security model specified in the EJB
specification. Because the container enforces that model, most of the
work is declared in the deployment descriptor rather than coded in the
beans, which makes implementing it considerably simpler, though not effortless.

The EJB security model applies only to EJBs; components that are not
EJBs (servlets, plain Java clients) must rely on the security model of
their own container. How much of the EJB model you implement depends on
the security requirements of your application. A full implementation
typically requires the following:

  • Defining users and groups

  • Associating application resources (beans and methods) with users or groups, usually by way of roles

  • Providing efficient ways to maintain security as users, groups, and roles change

  • Implementing logic to validate security at runtime

  • Implementing tools to manage users, groups, and privileges

Authentication

Authentication is the process of verifying that a client is who it
claims to be. It is the foundation on which the remaining portions of
the security model are built: authorization decisions are only as
trustworthy as the identity they are based on. Most EJB containers offer
several authentication mechanisms. For example, Borland Enterprise
Server can authenticate against JDBC, LDAP, or JDataStore, or through a
custom security class that you implement.

Authorization

Authorization is the process of deciding which rights an authenticated
caller has over the underlying implementation. For example, you might
require a certain role to call a given method. Authorization can be
implemented declaratively, with the container checking role-to-method
permissions from the deployment descriptor before the call reaches the
bean, or programmatically within the bean class itself, using the
EJBContext methods getCallerPrincipal() and isCallerInRole(). The two
approaches are complementary: the declarative check is coarse-grained
and needs no code, while the programmatic check can enforce rules that
depend on method arguments or data.
To help visualize the implementation of the authorization mechanisms,
take a look at the security sequence diagram shown in Figure 1.

Figure 1
Sequence diagram for illustrating server-based authentication.

Secure Communication

Secure communication is probably the simplest part to implement, yet
the most complex if you look at what the container hides from you in
the details. JBuilder does not offer any special features to manage or
implement secure communication; this is purely a feature of the
container. For example, Borland Enterprise Server can communicate with
clients or with other J2EE servers over SSL, configured through the
container's console rather than in your code.

JBuilder's Support

JBuilder's support is actually simple. It is divided into two
parts. The first is the capability to define the roles that will
be available in the security editor (see Figure 2).

The second is the capability to assign a role to an entire interface or
to individual methods, so that only end users holding that role may call
them (see Figure 3).

Figure 2
Building new roles for the security domain.

Figure 3
Assigning roles to either an interface, method, or both.
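The following is an added example, not code from the book or from JBuilder, showing what the two parts of JBuilder's support produce in a deployable EJB 2.x module and how the programmatic check described in the Authorization section builds on it. The bean, role names (Teller, Supervisor, Auditor) and the transfer limit are hypothetical. The ejb-jar.xml fragment in the leading comment is what the role editor (Figure 2) and the method assignment editor (Figure 3) generate; the container enforces it before any bean code runs.

```java
/*
 * Hypothetical ejb-jar.xml fragment (added example, not from the book).
 *
 * <ejb-jar>
 *   <enterprise-beans>
 *     <session>
 *       <ejb-name>AccountManager</ejb-name>
 *       <ejb-class>example.AccountManagerBean</ejb-class>
 *       <session-type>Stateless</session-type>
 *       <transaction-type>Container</transaction-type>
 *       <!-- Links the name used in isCallerInRole() to a deployment role -->
 *       <security-role-ref>
 *         <role-name>supervisor</role-name>
 *         <role-link>Supervisor</role-link>
 *       </security-role-ref>
 *     </session>
 *   </enterprise-beans>
 *   <assembly-descriptor>
 *     <!-- Figure 2: roles defined for the security domain -->
 *     <security-role><role-name>Teller</role-name></security-role>
 *     <security-role><role-name>Supervisor</role-name></security-role>
 *     <security-role><role-name>Auditor</role-name></security-role>
 *     <!-- Figure 3, whole interface: every method readable by all three roles -->
 *     <method-permission>
 *       <role-name>Teller</role-name>
 *       <role-name>Supervisor</role-name>
 *       <role-name>Auditor</role-name>
 *       <method>
 *         <ejb-name>AccountManager</ejb-name>
 *         <method-name>*</method-name>
 *       </method>
 *     </method-permission>
 *     <!-- Figure 3, single method: a more specific grant narrows transfer() -->
 *     <method-permission>
 *       <role-name>Teller</role-name>
 *       <role-name>Supervisor</role-name>
 *       <method>
 *         <ejb-name>AccountManager</ejb-name>
 *         <method-name>transfer</method-name>
 *       </method>
 *     </method-permission>
 *   </assembly-descriptor>
 * </ejb-jar>
 */
package example;

import java.security.Principal;
import javax.ejb.EJBException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

public class AccountManagerBean implements SessionBean {

    // Hypothetical business rule: a plain teller may not move more than this.
    private static final long TELLER_LIMIT = 10000L;

    private SessionContext ctx;

    public void setSessionContext(SessionContext ctx) {
        // The container hands us the context that carries the caller's identity.
        this.ctx = ctx;
    }

    public long getBalance(String accountId) {
        // Declarative security alone is enough here: the container has already
        // rejected any caller who is not a Teller, Supervisor or Auditor.
        return lookupBalance(accountId);
    }

    public void transfer(String from, String to, long amount) {
        // By the time we get here the container has verified the caller holds
        // Teller or Supervisor. A method-permission cannot express a rule that
        // depends on the argument, so that part is checked programmatically.
        Principal caller = ctx.getCallerPrincipal();
        if (amount > TELLER_LIMIT && !ctx.isCallerInRole("supervisor")) {
            // "supervisor" resolves through the security-role-ref above.
            throw new EJBException("caller " + caller.getName()
                    + " is not authorised to transfer " + amount);
        }
        debit(from, amount);
        credit(to, amount);
    }

    // Lifecycle callbacks required by the SessionBean contract.
    public void ejbCreate() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}
    public void ejbRemove() {}

    // Hypothetical persistence helpers, stubbed so the class compiles.
    private long lookupBalance(String accountId) { return 0L; }
    private void debit(String account, long amount) {}
    private void credit(String account, long amount) {}
}
```

Two points worth checking in a deployment. First, a method with no matching method-permission at all is not "open"; the EJB 2.0 specification leaves its handling to the deployer, so an unassigned method should be treated as a configuration error rather than relied on. Second, a declarative rejection never reaches the bean: a remote client receives a java.rmi.RemoteException (AccessException) and a local client a javax.ejb.AccessLocalException, so clients must handle those rather than the EJBException thrown by the programmatic check.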

About the Authors

Saleem Siddiqui is a technical architect and trainer with Dunn Solutions Group. He is also a Sun Certified Developer and a Borland Certified JBuilder Instructor. At Dunn, he provides consulting services and business application development.

Michael Landy is Director of Business Applications for Dunn Solutions Group directing the strategic solutions for clients.

Jeff Swisher is a technical manager for the Dunn Solutions Group business applications. He works as a programmer, trainer, architect, and instructional designer. He is a Sun Certified Java Developer and a Borland Certified Instructor in JBuilder.

Source of this material

This material is from Chapter 23: Developing Entity Beans from the book JBuilder Developer’s Guide (ISBN: 0-672-32427-X) written by Saleem Siddiqui, Michael Landy, and Jeff Swisher, published by Sams Publishing.


