The J2EETM Tutorial
Home
TOC
Index
PREV TOP NEXT Search
Feedback

Security

Eric Jendrock

The J2EE application programming model insulates developers from mechanism-specific implementation details of application security. J2EE provides this insulation in a way that enhances the portability of applications, allowing them to be deployed in diverse security environments.

Some of the material in this chapter assumes that you have an understanding of basic security concepts. To learn more about these concepts, we highly recommend that you explore the Security trail in the Java Tutorial (see http://java.sun.com/docs/books/tutorial/security1.2/index.html) before you begin this chapter.

In This Chapter

Overview
Security Roles
Declaring and Linking Role References
Mapping Roles to J2EE Users and Groups
Web-Tier Security
Protecting Web Resources
Controlling Access to Web Resources
Authenticating Users of Web Resources
Using Programmatic Security in the Web Tier
Unprotected Web Resources
EJB-Tier Security
Declaring Method Permissions
Using Programmatic Security in the EJB Tier
Unprotected EJB-Tier Resources
Application Client-Tier Security
Specifying the Application Client's Callback Handler
EIS-Tier Security
Configuring Sign-On
Container-Managed Sign-On
Component-Managed Sign-On
Configuring Resource Adapter Security
Propagating Security Identity
Configuring a Component's Propagated Security Identity
Configuring Client Authentication
J2EE Users, Realms, and Groups
Managing J2EE Users and Groups
Setting Up a Server Certificate
Home
TOC
Index
PREV TOP NEXT Search
Feedback